17.08.2012, 12:38 | #1
GVU Trojan infection, Windows Vista

Hello and good day,

Yesterday I caught this GVU Trojan, which demanded that I pay 100 euros via Ukash or Paysafecard in order to be able to work normally on my computer again. I booted into Safe Mode and did a System Restore. Now it no longer shows up, but the laptop isn't running quite smoothly any more; I think something is still lurking around. I'm new here and know a little about computers, but only to a limited extent; my boyfriend is helping me a bit. I'd be very glad if you could help me. First, here are the requested logs so you can get a look at the system.

Here is the OTL log:

Code:
ATTFilter OTL logfile created on: 17.08.2012 12:52:44 - Run 3 OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Mama\Desktop Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 7.0.6000.17037) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,87 Gb Total Physical Memory | 1,20 Gb Available Physical Memory | 63,91% Memory free 3,96 Gb Paging File | 3,09 Gb Available in Paging File | 78,18% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 90,25 Gb Total Space | 38,39 Gb Free Space | 42,54% Space Free | Partition Type: NTFS Drive D: | 45,12 Gb Total Space | 43,42 Gb Free Space | 96,22% Space Free | Partition Type: NTFS Computer Name: MAMA-PC | User Name: Mama | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Mama\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. 
KG) PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten) PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Program Files\VIA\VIAudioi\VistaADeck\HDAudioCPL.exe (VIA.) PRC - C:\Windows\System32\s3trayp.exe (S3 Graphics Co., Ltd.) PRC - C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers) PRC - C:\Windows\System32\audiodg.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll () MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe () MOD - C:\Program Files\WinRAR\RarExt.dll () ========== Win32 Services (SafeList) ========== SRV - (NMIndexingService) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe File not found SRV - (CLTNetCnService) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon File not found SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (Boonty Games) -- C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe (BOONTY) SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.) SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten) SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.) 
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (TestHandler) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers) ========== Driver Services (SafeList) ========== DRV - (WG111T) -- system32\DRIVERS\WG111Tv.sys File not found DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (huawei_enumerator) -- system32\DRIVERS\ew_jubusenum.sys File not found DRV - (ew_hwusbdev) -- system32\DRIVERS\ew_hwusbdev.sys File not found DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (athur) -- C:\Windows\System32\drivers\athur.sys (Atheros Communications, Inc.) DRV - (69377452) -- C:\Windows\System32\drivers\69377452.sys (Kaspersky Lab) DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.) DRV - (hwusbdev) -- C:\Windows\System32\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.) DRV - (setup_9.0.0.722_14.08.2012_12-35drv) -- C:\Windows\System32\drivers\6937745.sys (Kaspersky Lab) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (69377451) -- C:\Windows\System32\drivers\69377451.sys (Kaspersky Lab) DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) 
DRV - (s1029unic) -- C:\Windows\System32\drivers\s1029unic.sys (MCCI Corporation) DRV - (s1029mdm) -- C:\Windows\System32\drivers\s1029mdm.sys (MCCI Corporation) DRV - (s1029bus) -- C:\Windows\System32\drivers\s1029bus.sys (MCCI Corporation) DRV - (s1029mdfl) -- C:\Windows\System32\drivers\s1029mdfl.sys (MCCI Corporation) DRV - (s1029mgmt) -- C:\Windows\System32\drivers\s1029mgmt.sys (MCCI Corporation) DRV - (s1029obex) -- C:\Windows\System32\drivers\s1029obex.sys (MCCI Corporation) DRV - (s1029nd5) -- C:\Windows\System32\drivers\s1029nd5.sys (MCCI Corporation) DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys () DRV - (ss_bmdm) -- C:\Windows\System32\drivers\ss_bmdm.sys (MCCI Corporation) DRV - (ss_bbus) -- C:\Windows\System32\drivers\ss_bbus.sys (MCCI) DRV - (ss_bmdfl) -- C:\Windows\System32\drivers\ss_bmdfl.sys (MCCI Corporation) DRV - (s0016unic) -- C:\Windows\System32\drivers\s0016unic.sys (MCCI Corporation) DRV - (s0016nd5) -- C:\Windows\System32\drivers\s0016nd5.sys (MCCI Corporation) DRV - (s0016mdfl) -- C:\Windows\System32\drivers\s0016mdfl.sys (MCCI Corporation) DRV - (s0016mdm) -- C:\Windows\System32\drivers\s0016mdm.sys (MCCI Corporation) DRV - (s0016mgmt) -- C:\Windows\System32\drivers\s0016mgmt.sys (MCCI Corporation) DRV - (s0016obex) -- C:\Windows\System32\drivers\s0016obex.sys (MCCI Corporation) DRV - (s0016bus) -- C:\Windows\System32\drivers\s0016bus.sys (MCCI Corporation) DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications) DRV - (VIAHdAudAddService) -- C:\Windows\System32\drivers\viahduaa.sys (VIA Technologies, Inc.) DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia) DRV - (nvrd32) -- C:\Windows\System32\drivers\nvrd32.sys (NVIDIA Corporation) DRV - (nvstor32) -- C:\Windows\System32\drivers\nvstor32.sys (NVIDIA Corporation) DRV - (S3GIGP) -- C:\Windows\System32\drivers\VTGKModeDX32.sys (S3 Graphics Co., Ltd.) 
DRV - (JRAID) -- C:\Windows\System32\drivers\jraid.sys (JMicron Technology Corp.) DRV - (SIS163u) -- C:\Windows\System32\drivers\sis163u.sys (Silicon Integrated Systems Corp.) DRV - (ssm_mdm) -- C:\Windows\System32\drivers\ssm_mdm.sys (MCCI Corporation) DRV - (ssm_mdfl) -- C:\Windows\System32\drivers\ssm_mdfl.sys (MCCI Corporation) DRV - (ssm_bus) -- C:\Windows\System32\drivers\ssm_bus.sys (MCCI Corporation) DRV - (DNISp50) -- C:\Windows\System32\drivers\DNISP50.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV - (DNIMp50) -- C:\Windows\System32\drivers\DNIMP50.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.) DRV - (speedfan) -- C:\Windows\System32\speedfan.sys (Windows (R) 2000 DDK provider) DRV - (giveio) -- C:\Windows\System32\giveio.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4 IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-559149942-3163695425-1619497223-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKU\S-1-5-21-559149942-3163695425-1619497223-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
hxxp://www.google.com/ie IE - HKU\S-1-5-21-559149942-3163695425-1619497223-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\S-1-5-21-559149942-3163695425-1619497223-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-559149942-3163695425-1619497223-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-559149942-3163695425-1619497223-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKU\S-1-5-21-559149942-3163695425-1619497223-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKU\S-1-5-21-559149942-3163695425-1619497223-1000\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found IE - HKU\S-1-5-21-559149942-3163695425-1619497223-1000\..\SearchScopes,DefaultScope = {19AD08EA-03F1-488E-B94B-C05722DA6C8D} IE - HKU\S-1-5-21-559149942-3163695425-1619497223-1000\..\SearchScopes\{19AD08EA-03F1-488E-B94B-C05722DA6C8D}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKU\S-1-5-21-559149942-3163695425-1619497223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "about:blank" FF - prefs.js..network.proxy.type: 4 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\webbooster@iminent.com: C:\Program Files\Iminent\webbooster@iminent.com FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.20 22:59:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.30 14:23:31 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.20 22:59:56 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.30 14:23:31 | 000,000,000 | ---D | M] [2009.12.31 18:51:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mama\AppData\Roaming\mozilla\Extensions [2012.08.14 20:59:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mama\AppData\Roaming\mozilla\Firefox\Profiles\hqe0yr0w.default-1136075560189\extensions [2012.08.14 20:55:23 | 000,000,000 | ---D | M] (Facebook Touch Panel) -- C:\Users\Mama\AppData\Roaming\mozilla\Firefox\Profiles\hqe0yr0w.default-1136075560189\extensions\{7bf3f322-c1a4-4654-b9b0-e0ddf67d86c2} [2012.08.14 20:55:23 | 000,000,000 | ---D | M] (Facebook Share Button) -- C:\Users\Mama\AppData\Roaming\mozilla\Firefox\Profiles\hqe0yr0w.default-1136075560189\extensions\{d4e0dc9c-c356-438e-afbe-dca439f4399d} [2012.08.01 16:32:08 | 000,000,000 | ---D | M] (No name found) -- 
C:\Users\Mama\AppData\Roaming\mozilla\Firefox\Profiles\jgufvso6.default\extensions [2010.09.03 16:26:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mama\AppData\Roaming\mozilla\Firefox\Profiles\jgufvso6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.08.01 16:32:08 | 000,000,000 | ---D | M] (Facebook Touch Panel) -- C:\Users\Mama\AppData\Roaming\mozilla\Firefox\Profiles\jgufvso6.default\extensions\{7bf3f322-c1a4-4654-b9b0-e0ddf67d86c2} [2012.05.18 12:14:42 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Mama\AppData\Roaming\mozilla\Firefox\Profiles\jgufvso6.default\extensions\ich@maltegoetz.de [2012.05.03 13:37:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012.08.14 20:55:22 | 000,258,567 | ---- | M] () (No name found) -- C:\USERS\MAMA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HQE0YR0W.DEFAULT-1136075560189\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI [2012.08.14 20:55:23 | 000,030,312 | ---- | M] () (No name found) -- C:\USERS\MAMA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HQE0YR0W.DEFAULT-1136075560189\EXTENSIONS\{888D99E7-E8B5-46A3-851E-1EC45DA1E644}.XPI [2012.07.20 22:59:56 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.04.19 22:33:15 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2012.02.13 08:57:59 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.02.13 08:57:59 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.02.13 08:57:59 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.12.13 14:36:54 | 000,002,035 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchddr.xml [2012.02.13 08:57:59 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.13 08:57:59 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.13 08:57:59 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) 
O2 - BHO: (Edit/Remove the Ravenwood Fair Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found O3 - HKLM\..\Toolbar: (Edit/Remove the Ravenwood Fair Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found O3 - HKU\S-1-5-21-559149942-3163695425-1619497223-1000\..\Toolbar\WebBrowser: (Edit/Remove the Ravenwood Fair Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VistaADeck\HDAudioCPL.exe (VIA.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NPSStartup] File not found O4 - HKLM..\Run: [PlusService] C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software) O4 - HKLM..\Run: [recinfo28] c:\RecInfo\RecInfo.exe () O4 - HKLM..\Run: [S3Trayp] C:\Windows\System32\s3trayp.exe (S3 Graphics Co., Ltd.) 
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-559149942-3163695425-1619497223-1000..\Run: [huufr.exe] C:\Users\Mama\AppData\Roaming\Ugih\huufr.exe File not found O4 - Startup: C:\Users\Mama\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_14.08.2012_12-35.lnk = C:\Users\Mama\Desktop\DE-Cleaner powered by Kaspersky\setup_9.0.0.722_14.08.2012_12-35\startup.exe () O7 - HKU\S-1-5-21-559149942-3163695425-1619497223-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2B7AC4E5-810C-484F-B2F4-E22570076F1D}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5EC55169-5853-4D89-8775-1E14EDAF31E7}: DhcpNameServer = 193.189.244.225 193.189.244.206 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D4573CF0-FA08-4517-9C15-4AB59BCF7DA6}: DhcpNameServer = 192.168.1.1 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - 
(C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Mama\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Mama\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{3200d7af-5eb3-11e0-865d-001e3302a02e}\Shell - "" = AutoRun O33 - MountPoints2\{3200d7af-5eb3-11e0-865d-001e3302a02e}\Shell\AutoRun\command - "" = F:\Install.exe O33 - MountPoints2\{33733f7c-d2ad-11e1-a34f-001e101f0b17}\Shell - "" = AutoRun O33 - MountPoints2\{33733f7c-d2ad-11e1-a34f-001e101f0b17}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{544d178e-230c-11e0-9dc7-001e3302a02e}\Shell - "" = AutoRun O33 - MountPoints2\{544d178e-230c-11e0-9dc7-001e3302a02e}\Shell\AutoRun\command - "" = F:\Startme.exe O33 - MountPoints2\{65f9b9a5-3ce4-11e0-9af2-001e3302a02e}\Shell - "" = AutoRun O33 - MountPoints2\{65f9b9a5-3ce4-11e0-9af2-001e3302a02e}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{65f9b9f6-3ce4-11e0-9af2-001e3302a02e}\Shell - "" = AutoRun O33 - MountPoints2\{65f9b9f6-3ce4-11e0-9af2-001e3302a02e}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{7b7474c3-c4e5-11df-a6c4-001e3302a02e}\Shell - "" = AutoRun O33 - MountPoints2\{7b7474c3-c4e5-11df-a6c4-001e3302a02e}\Shell\AutoRun\command - "" = F:\Startme.exe O33 - MountPoints2\{9bf27ca3-bc61-11e1-84b7-001e3302a02e}\Shell - "" = AutoRun O33 - MountPoints2\{9bf27ca3-bc61-11e1-84b7-001e3302a02e}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{9bf27cb2-bc61-11e1-84b7-001e3302a02e}\Shell - "" = AutoRun O33 - MountPoints2\{9bf27cb2-bc61-11e1-84b7-001e3302a02e}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - 
MountPoints2\{b0ae517d-9744-11df-bd71-001e3302a02e}\Shell - "" = AutoRun O33 - MountPoints2\{b0ae517d-9744-11df-bd71-001e3302a02e}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O33 - MountPoints2\{f8f03d80-c026-11df-8ebf-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{f8f03d80-c026-11df-8ebf-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{f8f03e18-c026-11df-8ebf-001e3302a02e}\Shell - "" = AutoRun O33 - MountPoints2\{f8f03e18-c026-11df-8ebf-001e3302a02e}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{f9d3af1a-c0bc-11df-86e1-001e101f4363}\Shell - "" = AutoRun O33 - MountPoints2\{f9d3af1a-c0bc-11df-86e1-001e101f4363}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.08.17 00:34:02 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Mama\Desktop\OTL.exe [2012.08.17 00:29:49 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\Malwarebytes [2012.08.17 00:29:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.08.17 00:29:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.08.17 00:29:25 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.08.17 00:29:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.08.16 14:25:22 | 000,000,000 | ---D | C] -- C:\Users\Mama\Desktop\DJ Tomekk - Numma Eyns [2012.08.12 20:13:33 | 000,000,000 | ---D | C] 
-- C:\Users\Mama\AppData\Roaming\Fanda Games [2012.08.12 03:56:54 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\AzuazGames [2012.08.12 01:14:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DEUTSCHLAND SPIELT [2012.08.11 23:49:09 | 000,000,000 | ---D | C] -- C:\Users\Mama\Documents\Dracula 3 Part 1 [2012.08.10 16:31:15 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gdiplus.dll [2012.08.10 16:23:55 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2 [2012.08.10 16:23:04 | 000,225,280 | ---- | C] (Propellerhead Software AB) -- C:\Windows\System32\rewire.dll [2012.08.10 16:22:56 | 000,000,000 | ---D | C] -- C:\Users\Mama\Documents\Image-Line [2012.08.10 16:22:51 | 000,000,000 | ---D | C] -- C:\Program Files\Image-Line [2012.08.10 16:22:23 | 001,554,944 | ---- | C] (HMS hxxp://hp.vector.co.jp/authors/VA012897/) -- C:\Windows\System32\vorbis.acm [2012.08.10 16:22:23 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line [2012.08.10 16:22:12 | 000,000,000 | ---D | C] -- C:\Program Files\Outsim [2012.08.10 01:35:35 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\City Interactive 3 Days Zoo Mystery [2012.08.10 01:06:57 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll [2012.08.10 01:06:57 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll [2012.08.10 01:06:57 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll [2012.08.10 01:06:55 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll [2012.08.10 01:06:55 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll [2012.08.10 01:06:51 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll [2012.08.10 01:01:07 | 001,846,632 | 
---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_41.dll [2012.08.10 01:01:07 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_41.dll [2012.08.10 01:01:04 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll [2012.08.10 01:01:04 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll [2012.08.10 01:01:04 | 000,069,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll [2012.08.10 01:01:03 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll [2012.08.10 01:01:03 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll [2012.08.10 01:01:01 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll [2012.08.10 01:01:01 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll [2012.08.10 01:00:58 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll [2012.08.10 01:00:57 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll [2012.08.10 01:00:57 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll [2012.08.10 01:00:57 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll [2012.08.10 01:00:56 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll [2012.08.10 01:00:51 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll [2012.08.10 01:00:51 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll [2012.08.10 01:00:51 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll [2012.08.10 01:00:50 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll [2012.08.10 01:00:49 | 001,491,992 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\System32\D3DCompiler_38.dll [2012.08.10 01:00:49 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll [2012.08.10 01:00:47 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll [2012.08.10 00:57:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\City Interactive [2012.08.10 00:56:02 | 000,000,000 | ---D | C] -- C:\Program Files\City Interactive [2012.08.10 00:54:20 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images [2012.08.09 23:11:47 | 000,000,000 | ---D | C] -- C:\Users\Mama\Documents\NPS [2012.08.09 16:35:52 | 000,000,000 | ---D | C] -- C:\Users\Mama\Desktop\Spiele [2012.08.08 22:48:35 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\EntwinedSoD [2012.08.08 13:56:02 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\AlawarEntertainment [2012.08.07 23:49:41 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\MumboJumbo [2012.08.06 19:14:55 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\Deep Shadows [2012.08.06 13:44:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Dekovir [2012.08.06 12:35:16 | 000,000,000 | ---D | C] -- C:\Users\Mama\Documents\RUIN_Saves [2012.08.05 22:47:16 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\Robin Hood [2012.08.05 22:47:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Robin Hood [2012.08.05 18:12:49 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\GamersDigital [2012.08.05 18:12:49 | 000,000,000 | ---D | C] -- C:\ProgramData\GamersDigital [2012.08.05 13:46:42 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\Phantasmat_oberon_se [2012.08.04 20:29:20 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\Rainbow [2012.08.04 19:32:58 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\GO Games [2012.08.04 11:26:43 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\LittleGamesCompany [2012.08.04 11:26:43 
| 000,000,000 | ---D | C] -- C:\ProgramData\LittleGamesCompany [2012.08.03 23:42:04 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\Ghost Ship Studios [2012.08.03 20:20:29 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\Jetdogs Studios [2012.08.03 19:16:49 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\MediaArt [2012.08.03 19:16:49 | 000,000,000 | ---D | C] -- C:\ProgramData\MediaArt [2012.08.03 17:49:43 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\VendelGAMES [2012.08.02 13:15:36 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\CattaleGames [2012.08.02 10:26:46 | 000,000,000 | ---D | C] -- C:\ProgramData\The Mirror Mysteries [2012.08.02 09:58:49 | 000,000,000 | ---D | C] -- C:\Users\Mama\Documents\MumboJumbo [2012.07.31 23:21:14 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\GraveyardShift [2012.07.31 22:29:37 | 000,000,000 | ---D | C] -- C:\ProgramData\HideAndSecret3 [2012.07.31 16:19:58 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\MA2 [2012.07.28 00:05:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Becky Brogan [2012.07.27 21:45:49 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\EleFun Games [2012.07.27 21:40:02 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\Funzai! 
[2012.07.27 20:33:33 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\DailyMagic
[2012.07.27 19:12:53 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\Blue Tea Games
[2012.07.27 17:22:05 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\Aisle 5 Games, Inc
[2012.07.26 16:31:34 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\GTM_Bodie
[2012.07.25 22:32:21 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\TrickySoftware
[2012.07.25 22:23:20 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\Elephant Games
[2012.07.25 22:23:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Elephant Games
[2012.07.25 18:25:59 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\casualArts
[2012.07.25 18:25:59 | 000,000,000 | ---D | C] -- C:\ProgramData\casualArts
[2012.07.22 20:09:54 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\Azuaz Games
[2012.07.07 22:16:52 | 015,267,728 | ---- | C] (Google Inc.) -- C:\Users\Mama\picasa39_136.4-setup.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.08.17 12:51:03 | 000,651,644 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.08.17 12:51:03 | 000,618,960 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.08.17 12:51:03 | 000,120,318 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.08.17 12:51:03 | 000,106,744 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.08.17 12:44:11 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2012.08.17 12:43:27 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.17 12:43:26 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.17 12:43:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.17 11:49:32 | 000,000,156 | ---- | M] () -- C:\Users\Mama\defogger_reenable
[2012.08.17 01:12:50 | 000,050,477 | ---- | M] () -- C:\Users\Mama\Desktop\Defogger.exe
[2012.08.17 00:34:02 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Mama\Desktop\OTL.exe
[2012.08.17 00:29:29 | 000,000,872 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.17 00:17:53 | 000,001,356 | ---- | M] () -- C:\Users\Mama\AppData\Local\d3d9caps.dat
[2012.08.17 00:14:06 | 004,503,728 | ---- | M] () -- C:\ProgramData\ism_0_llatsni.pad
[2012.08.14 14:20:12 | 000,000,974 | ---- | M] () -- C:\Users\Mama\Desktop\Vampire.lnk
[2012.08.13 15:56:45 | 000,000,803 | ---- | M] () -- C:\Users\Mama\Desktop\ART2.lnk
[2012.08.12 23:52:55 | 000,000,781 | ---- | M] () -- C:\Users\Mama\Desktop\three_days.lnk
[2012.08.12 01:17:18 | 000,001,262 | ---- | M] () -- C:\Users\Public\Desktop\Jules Vernes Das Abenteuer Jangada.lnk
[2012.08.12 01:16:51 | 000,001,130 | ---- | M] () -- C:\Users\Public\Desktop\Odyssee ins Ungewisse.lnk
[2012.08.12 01:16:39 | 000,001,142 | ---- | M] () -- C:\Users\Public\Desktop\Escape from Lost Island.lnk
[2012.08.12 01:15:41 | 000,001,046 | ---- | M] () -- C:\Users\Public\Desktop\Affair Bureau.lnk
[2012.08.12 01:15:29 | 000,001,142 | ---- | M] () -- C:\Users\Public\Desktop\Jewel Mystery Die Villa.lnk
[2012.08.12 01:14:32 | 000,000,890 | ---- | M] () -- C:\Users\Public\Desktop\GAME CENTER.lnk
[2012.08.11 18:47:11 | 000,000,740 | ---- | M] () -- C:\Users\Mama\Desktop\CriminalMinds.lnk
[2012.08.10 22:26:27 | 000,000,853 | ---- | M] () -- C:\Users\Mama\Desktop\EscapeTheEmeraldStar.lnk
[2012.08.10 18:01:32 | 000,001,031 | ---- | M] () -- C:\Users\Mama\Desktop\MidnightMysteries3.lnk
[2012.08.10 16:57:57 | 000,000,742 | ---- | M] () -- C:\Users\Mama\Desktop\100PercentHO.lnk
[2012.08.10 16:57:34 | 000,000,865 | ---- | M] () -- C:\Users\Mama\Desktop\NightmareOnThePacific.lnk
[2012.08.10 16:57:22 | 000,000,900 | ---- | M] () -- C:\Users\Mama\Desktop\losttemple.lnk
[2012.08.10 16:57:04 | 000,000,985 | ---- | M] () -- C:\Users\Mama\Desktop\Das Schicksal der Marie Antoinette.lnk
[2012.08.10 16:55:55 | 000,000,814 | ---- | M] () -- C:\Users\Mama\Desktop\Malediction.lnk
[2012.08.10 16:55:43 | 000,000,814 | ---- | M] () -- C:\Users\Mama\Desktop\Depths of Betrayal.lnk
[2012.08.10 16:31:15 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gdiplus.dll
[2012.08.10 16:23:56 | 000,000,666 | ---- | M] () -- C:\Users\Mama\Desktop\ASIO4ALL v2 Instruction Manual.lnk
[2012.08.10 16:23:01 | 000,000,454 | ---- | M] () -- C:\Users\Mama\Desktop\FL Studio 10.lnk
[2012.08.10 04:11:28 | 000,000,510 | ---- | M] () -- C:\Users\Mama\Desktop\MC.lnk
[2012.08.10 04:11:22 | 000,000,515 | ---- | M] () -- C:\Users\Mama\Desktop\3DZ.lnk
[2012.08.10 04:09:26 | 000,000,852 | ---- | M] () -- C:\Users\Mama\Desktop\game.lnk
[2012.08.10 04:08:56 | 000,000,878 | ---- | M] () -- C:\Users\Mama\Desktop\Soul Mysteries.lnk
[2012.08.10 04:08:42 | 000,001,007 | ---- | M] () -- C:\Users\Mama\Desktop\The Order Of Conspiracy.lnk
[2012.08.10 04:08:30 | 000,000,883 | ---- | M] () -- C:\Users\Mama\Desktop\Portals.lnk
[2012.08.10 04:08:20 | 000,001,088 | ---- | M] () -- C:\Users\Mama\Desktop\The Agency of Anomalies 2.lnk
[2012.08.10 04:07:13 | 000,001,105 | ---- | M] () -- C:\Users\Mama\Desktop\Secrets of the Past - Tagebuch meiner Mutter.lnk
[2012.08.04 09:50:01 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.08.04 09:50:01 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.08.17 11:49:31 | 000,000,156 | ---- | C] () -- C:\Users\Mama\defogger_reenable
[2012.08.17 01:13:21 | 000,302,592 | ---- | C] () -- C:\Users\Mama\Desktop\gmer.exe
[2012.08.17 01:13:14 | 000,050,477 | ---- | C] () -- C:\Users\Mama\Desktop\Defogger.exe
[2012.08.17 00:29:29 | 000,000,872 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.17 00:12:34 | 000,001,356 | ---- | C] () -- C:\Users\Mama\AppData\Local\d3d9caps.dat
[2012.08.17 00:07:30 | 004,503,728 | ---- | C] () -- C:\ProgramData\ism_0_llatsni.pad
[2012.08.14 14:20:12 | 000,000,974 | ---- | C] () -- C:\Users\Mama\Desktop\Vampire.lnk
[2012.08.13 15:56:45 | 000,000,803 | ---- | C] () -- C:\Users\Mama\Desktop\ART2.lnk
[2012.08.12 23:52:55 | 000,000,781 | ---- | C] () -- C:\Users\Mama\Desktop\three_days.lnk
[2012.08.12 01:17:18 | 000,001,262 | ---- | C] () -- C:\Users\Public\Desktop\Jules Vernes Das Abenteuer Jangada.lnk
[2012.08.12 01:16:51 | 000,001,130 | ---- | C] () -- C:\Users\Public\Desktop\Odyssee ins Ungewisse.lnk
[2012.08.12 01:16:39 | 000,001,142 | ---- | C] () -- C:\Users\Public\Desktop\Escape from Lost Island.lnk
[2012.08.12 01:15:41 | 000,001,046 | ---- | C] () -- C:\Users\Public\Desktop\Affair Bureau.lnk
[2012.08.12 01:15:29 | 000,001,142 | ---- | C] () -- C:\Users\Public\Desktop\Jewel Mystery Die Villa.lnk
[2012.08.11 18:47:11 | 000,000,740 | ---- | C] () -- C:\Users\Mama\Desktop\CriminalMinds.lnk
[2012.08.10 22:26:27 | 000,000,853 | ---- | C] () -- C:\Users\Mama\Desktop\EscapeTheEmeraldStar.lnk
[2012.08.10 18:01:32 | 000,001,031 | ---- | C] () -- C:\Users\Mama\Desktop\MidnightMysteries3.lnk
[2012.08.10 16:57:57 | 000,000,742 | ---- | C] () -- C:\Users\Mama\Desktop\100PercentHO.lnk
[2012.08.10 16:57:34 | 000,000,865 | ---- | C] () -- C:\Users\Mama\Desktop\NightmareOnThePacific.lnk
[2012.08.10 16:57:22 | 000,000,900 | ---- | C] () -- C:\Users\Mama\Desktop\losttemple.lnk
[2012.08.10 16:57:04 | 000,000,985 | ---- | C] () -- C:\Users\Mama\Desktop\Das Schicksal der Marie Antoinette.lnk
[2012.08.10 16:55:55 | 000,000,814 | ---- | C] () -- C:\Users\Mama\Desktop\Malediction.lnk
[2012.08.10 16:55:43 | 000,000,814 | ---- | C] () -- C:\Users\Mama\Desktop\Depths of Betrayal.lnk
[2012.08.10 16:23:56 | 000,000,666 | ---- | C] () -- C:\Users\Mama\Desktop\ASIO4ALL v2 Instruction Manual.lnk
[2012.08.10 16:23:01 | 000,000,454 | ---- | C] () -- C:\Users\Mama\Desktop\FL Studio 10.lnk
[2012.08.10 04:11:28 | 000,000,510 | ---- | C] () -- C:\Users\Mama\Desktop\MC.lnk
[2012.08.10 04:11:22 | 000,000,515 | ---- | C] () -- C:\Users\Mama\Desktop\3DZ.lnk
[2012.08.10 04:09:26 | 000,000,852 | ---- | C] () -- C:\Users\Mama\Desktop\game.lnk
[2012.08.10 04:08:56 | 000,000,878 | ---- | C] () -- C:\Users\Mama\Desktop\Soul Mysteries.lnk
[2012.08.10 04:08:42 | 000,001,007 | ---- | C] () -- C:\Users\Mama\Desktop\The Order Of Conspiracy.lnk
[2012.08.10 04:08:30 | 000,000,883 | ---- | C] () -- C:\Users\Mama\Desktop\Portals.lnk
[2012.08.10 04:08:20 | 000,001,088 | ---- | C] () -- C:\Users\Mama\Desktop\The Agency of Anomalies 2.lnk
[2012.08.10 04:07:13 | 000,001,105 | ---- | C] () -- C:\Users\Mama\Desktop\Secrets of the Past - Tagebuch meiner Mutter.lnk
[2012.08.06 19:10:08 | 000,000,890 | ---- | C] () -- C:\Users\Public\Desktop\GAME CENTER.lnk
[2012.04.11 01:40:03 | 000,000,000 | ---- | C] () -- C:\Users\Mama\AppData\Roaming\wklnhst.dat
[2012.01.30 02:34:33 | 000,000,296 | ---- | C] () -- C:\Windows\baldies.ini
[2011.12.22 12:59:52 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2011.12.22 12:59:52 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2011.06.21 20:26:35 | 000,012,670 | ---- | C] () -- C:\Users\Mama\AppData\Local\slot1.mm1
[2010.08.03 01:40:38 | 000,000,218 | ---- | C] () -- C:\Users\Mama\.recently-used.xbel
[2010.07.28 17:52:44 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.12.31 19:30:44 | 000,043,520 | ---- | C] () -- C:\Users\Mama\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2012.07.11 03:27:47 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\A Gypsy's Tale - Der Turm des Schicksals
[2012.07.27 17:22:05 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Aisle 5 Games, Inc
[2012.08.09 12:34:38 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Alawar
[2012.08.08 15:57:42 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\AlawarEntertainment
[2012.07.09 02:59:38 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\AlderGames
[2012.06.06 00:02:06 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Amazon
[2011.06.29 18:48:45 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Anabel
[2012.08.01 01:15:44 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Artifex Mundi
[2011.07.29 23:15:02 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Artogon
[2012.07.11 00:53:15 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Awem
[2012.07.22 20:09:54 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Azuaz Games
[2012.08.12 03:56:54 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\AzuazGames
[2011.06.13 19:17:14 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\BanzaiInteractive
[2012.07.31 13:26:52 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Big Fish Games
[2011.06.26 17:52:33 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\BloodTies
[2012.07.27 19:12:53 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Blue Tea Games
[2012.07.28 10:34:33 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Boomzap
[2012.07.02 22:11:23 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Casual Arts
[2012.07.25 18:25:59 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\casualArts
[2012.08.02 13:15:36 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\CattaleGames
[2012.08.10 18:01:43 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\cerasus.media
[2012.08.10 01:35:50 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\City Interactive 3 Days Zoo Mystery
[2012.08.10 00:54:03 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\DAEMON Tools Lite
[2012.07.27 20:33:33 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\DailyMagic
[2012.08.06 19:14:55 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Deep Shadows
[2012.06.21 00:18:32 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Dekovir
[2012.06.18 14:20:00 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\DVDVideoSoft
[2012.07.27 21:45:49 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\EleFun Games
[2012.06.19 22:02:32 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\ElementalsTheMagicKey
[2012.07.27 12:03:33 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Elephant Games
[2011.07.15 21:06:13 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Enchanted Katya
[2012.07.09 01:34:09 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Enki Games
[2012.08.08 22:48:35 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\EntwinedSoD
[2011.07.20 12:54:24 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\ERS G-Studio
[2012.08.10 06:20:45 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\ERS Game Studios
[2011.06.26 12:37:38 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\EscapeTheMuseum2
[2012.08.12 20:13:33 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Fanda Games
[2011.07.03 21:28:13 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Flood Light Games
[2011.08.13 00:07:35 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Floodlight Games
[2011.06.13 22:25:09 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\FloodLightGames
[2012.08.15 11:02:26 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Friday's games
[2012.02.23 22:51:21 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Frogwares
[2012.07.27 21:40:02 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Funzai!
[2012.06.29 00:25:48 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\GameMill Entertainment
[2012.02.27 16:04:23 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Gamers Digital
[2012.08.05 18:12:49 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\GamersDigital
[2011.06.15 17:25:36 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Games
[2012.08.03 23:42:04 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Ghost Ship Studios
[2012.08.04 19:32:58 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\GO Games
[2012.07.03 17:16:34 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Gogii
[2012.07.31 23:21:15 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\GraveyardShift
[2010.08.03 01:27:20 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\gtk-2.0
[2012.07.26 16:31:58 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\GTM_Bodie
[2012.08.09 22:06:07 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\HdO Adventure
[2011.07.16 22:31:24 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\HiT-MM
[2011.06.12 20:17:04 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\iMaxGen
[2012.07.02 15:50:44 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Iminent
[2012.08.03 20:20:29 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Jetdogs Studios
[2011.06.14 11:41:03 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Jewel Match 3
[2012.06.28 21:34:23 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Lazy Turtle Games
[2012.08.14 22:58:54 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\LegacyInteractive
[2012.02.24 15:15:03 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Legends of pirates
[2012.07.09 15:13:42 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\LestaStudio
[2012.08.04 11:26:43 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\LittleGamesCompany
[2012.07.31 16:20:02 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\MA2
[2011.06.13 20:30:24 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Magic Academy 2
[2011.07.22 15:32:58 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Magic3
[2012.08.08 17:13:01 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\MagicIndie
[2012.08.05 18:13:36 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\MediaArt
[2012.06.30 22:48:20 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Meridian93
[2011.06.18 10:47:48 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Merscom
[2012.06.20 00:05:19 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\monsterz
[2012.08.07 23:49:41 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\MumboJumbo
[2012.07.03 15:40:50 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Mystery of Mortlake Mansion
[2012.08.03 23:03:30 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\MysteryStudio
[2011.11.11 20:58:26 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Oberon 3 Days Zoo Mystery
[2012.07.12 23:50:22 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Oberon Media
[2011.06.26 10:04:56 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Oberonv1000
[2012.07.09 23:21:45 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Oberonv1002
[2011.08.03 19:19:44 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Oberonv1004
[2011.07.01 19:52:43 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Oberonv1006
[2009.12.31 19:49:25 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\OpenOffice.org
[2012.07.26 22:05:18 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Orneon
[2011.12.22 13:05:36 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\PC Suite
[2012.06.23 00:18:04 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Peace Craft
[2010.08.02 17:25:19 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\PeerNetworking
[2012.07.03 05:53:14 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Phantasmat_intenium_se
[2012.08.05 13:48:54 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Phantasmat_oberon_se
[2012.06.27 03:06:36 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\PlayFirst
[2012.07.15 23:17:33 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\PoBros
[2012.06.23 01:42:41 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\pokerth
[2012.01.19 16:44:18 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\QuickScan
[2012.08.04 20:29:20 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Rainbow
[2012.08.05 22:47:16 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Robin Hood
[2011.06.25 18:57:07 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\RobinsonCrusoe
[2011.12.22 12:58:46 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Samsung
[2011.06.13 16:55:28 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\SecretIslandDeuBF
[2011.06.29 14:13:47 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\SerpentOfIsis
[2011.06.17 20:25:50 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Settlement. Colossus
[2011.07.15 20:21:28 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Silverback Productions
[2012.07.08 23:16:06 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Skunk Studios
[2012.06.26 21:30:35 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\SMIGames
[2011.01.11 10:39:26 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Software Informer
[2010.09.20 20:46:32 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Sony
[2012.08.10 01:39:22 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\SpinTop Games
[2012.06.26 22:10:26 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\SprillRichiGerman
[2012.01.11 13:47:53 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Suziaz
[2012.04.11 01:40:05 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Template
[2011.06.11 13:45:56 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\The Games Company
[2012.07.04 23:54:52 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\ThreeDays2
[2012.06.28 03:55:59 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\TikisLab
[2011.06.14 09:34:33 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\TitanicMystery
[2012.06.26 14:20:31 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\TOMI3
[2011.06.29 12:53:29 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Top Evidence
[2012.07.25 22:32:21 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\TrickySoftware
[2012.02.04 02:59:12 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Ugih
[2012.02.24 12:29:47 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\URSE Games
[2011.06.16 22:38:47 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\V-Games
[2011.06.17 22:06:37 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\VampireSaga
[2012.07.08 00:30:42 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Vast Studios
[2012.08.03 17:49:43 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\VendelGAMES
[2012.08.06 15:45:17 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Vogat Interactive
[2012.08.17 02:40:55 | 000,032,574 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


========== Alternate Data Streams ==========

@Alternate Data Stream - 403 bytes -> C:\ProgramData\TEMP:6891C915
@Alternate Data Stream - 392 bytes -> C:\ProgramData\TEMP:CE1DA626
@Alternate Data Stream - 391 bytes -> C:\ProgramData\TEMP:E603155F
@Alternate Data Stream - 380 bytes -> C:\ProgramData\TEMP:8B38FB22
@Alternate Data Stream - 378 bytes -> C:\ProgramData\TEMP:98838593
@Alternate Data Stream - 375 bytes -> C:\ProgramData\TEMP:691A064E
@Alternate Data Stream - 375 bytes -> C:\ProgramData\TEMP:66CBBDB8
@Alternate Data Stream - 370 bytes -> C:\ProgramData\TEMP:B203B914
@Alternate Data Stream - 367 bytes -> C:\ProgramData\TEMP:75B3F7A3
@Alternate Data Stream - 364 bytes -> C:\ProgramData\TEMP:4B112591
@Alternate Data Stream - 359 bytes -> C:\ProgramData\TEMP:401444AD
@Alternate Data Stream - 159 bytes -> C:\ProgramData\TEMP:D323F5EF
@Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:136DD674
@Alternate Data Stream - 157 bytes -> C:\ProgramData\TEMP:EC2C753C
@Alternate Data Stream - 156 bytes -> C:\ProgramData\TEMP:A90435A2
@Alternate Data Stream - 156 bytes -> C:\ProgramData\TEMP:65E5A65A
@Alternate Data Stream - 155 bytes -> C:\ProgramData\TEMP:BF3CB074
@Alternate Data Stream - 153 bytes -> C:\ProgramData\TEMP:D624FC7E
@Alternate Data Stream - 153 bytes -> C:\ProgramData\TEMP:8F7ECF6A
@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:E1069F99
@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:D612C9AF
@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:CAA2D3CC
@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:92DC6D95
@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:91CF76E3
@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:4FADDE0F
@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:14982C34
@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:D44D0CA3
@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:CCBF0D67
@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:799B8AA7
@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:5B2D0200
@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:072B9E55
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:FE287FAF
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:B45E2DC6
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:87C92DF3
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:864A52B8
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:5E0617AC
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:2BEBE57F
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:26140299
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:24AB14E7
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:E60A0116
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:9F9D57FD
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:9DDF16A0
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:981349EA
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:4B6FD339
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:1F2BE70F
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:B5C74AE4
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:8F54A01C
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:72E546C1
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:3A172552
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:EB3A09D6
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:DB051353
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:D156DCC8
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:C40E212B
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:B8B102B9
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:76AA316A
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:6094C43B
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:0AE8FC60
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:E380FC9B
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:926B6E7A
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:8AD8C82D
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:6CBAF5F3
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:4E87B1CC
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:8C458D50
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:1E66EE85
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:1E3397DC
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:C8E9D804
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:C70C12CF
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:8C885EDD
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:71D06554
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:42942A7F
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:0BFCB272
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:E89EDC52
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:D5805A05
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:C953979F
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:C7052D89
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:C3A4217C
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:A38E5103
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:46D3A554
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:EAB1AD1B
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:8BBD1F9A
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:7C0CBD4C
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:6D9FC225
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:63A71C6F
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:52FE3CCD
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:42275BC2
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:2A578A48
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:D1FD226D
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:CF2C26D2
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:7E7C5DB5
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:45AF97B8
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:20B9E63F
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:0D31DA45
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:FA454DFF
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:F97550B0
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:D3FFFBA9
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:B652B720
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:5095D8B1
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:3B9582E0
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:DD3F5AF4
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:70D21A0C
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:31DA63EA
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:E79EFDA4
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:D478F292
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:A724744F
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:5D51D132
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:17DA7CD5
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:CC3B950A
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:AABA76BE
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:A98B0BB8
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:A047BC0D
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:940ECC98
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:7A0A894A
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:550179F5
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:541F9F51
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:861A898F
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:7B2BC634
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:3F22DA14
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:3031D8E8
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:B894C266
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:A9C63474
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:6F160860
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:371C7196
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:2EB8C6BB
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:E98C5DD9
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:AA7BE830
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:A5584049
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:2020565D
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:956EC010
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:726A7C8D
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:687D1056
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:3005D353
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:23CB5E78
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:F01E7F17
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:BDDE9892
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:68C4BECC
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:1AE31F2A
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:FF25B447
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:E60D24D7
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:DBCF903F
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:A9D9351A
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:7DBF4CE6
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:68AB648F
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:2A615C9C
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:F878F14A
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:BBA04CB2
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:0C5A6770
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:FDAF118C
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:C0601E00
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:BC521608
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:735575D8
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:20BC9A76
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:D4DCC75D
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:B5A5F21A
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:8F925134
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:4D066AD2
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:D4A7C55A
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:C8F88A8F
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:C2F24DB5
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:7C3E753C
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:798F4CE4
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5A27D490
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:C44E62F1
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:7E27CEAF
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:8C443193
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:85316D14
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:84E5776A
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:3FC46878
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:389D51A1
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:3095BD69
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:8AB6C1D7
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:373C6DC2
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:580E04D8
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:F1FE38D7
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:2FAFBD6A
< End of report >
OTL Extras logfile created on: 17.08.2012 12:52:44 - Run 3
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\Mama\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,87 Gb Total Physical Memory | 1,20 Gb Available Physical Memory | 63,91% Memory free
3,96 Gb Paging File | 3,09 Gb Available in Paging File | 78,18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 90,25 Gb Total Space | 38,39 Gb Free Space | 42,54% Space Free | Partition Type: NTFS
Drive D: | 45,12 Gb Total Space | 43,42 Gb Free Space | 96,22% Space Free | Partition Type: NTFS

Computer Name: MAMA-PC | User Name: Mama | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-559149942-3163695425-1619497223-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 0 "InternetSettingsDisableNotify" = 0 "AutoUpdateDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01FA0ECD-49E1-47CE-A152-7AC8E21B99A9}" = rport=138 | protocol=17 | dir=out | app=system | "{0279128D-7A99-4E9C-8C40-464F2CFA26CC}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe | "{04647708-863B-44FE-A3B3-2FFC3222505F}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe | "{108C5F05-9271-41A9-B50D-A87D5406BC5B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{15A9B0DC-2357-48EC-B1D0-29544EC66324}" = rport=5357 | protocol=6 | dir=out | app=system | "{162DA567-040A-4ECF-A27D-228C462DC2EA}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe | "{2631E0B5-2901-4E41-80F3-226D56FCEA22}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe | "{2AD33912-C4FB-4B2C-9630-F583943659C9}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe | "{370D1E25-0BEF-462D-8A2B-1D526EF50707}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe | "{39D42E8B-A4E6-4F59-AC90-CBFDCBC2E617}" = lport=3702 | 
protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | "{3D80D450-401D-475F-93BE-F066061E5B9B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{431F5895-9055-43DF-A7A6-BC915FE1200B}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{4358C905-DAD4-4E2D-8DF2-BDEA78A9ECB8}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | "{54495964-4D7F-4903-8A79-AA689545B640}" = lport=5358 | protocol=6 | dir=in | app=system | "{60E8876B-A8C2-451D-A127-5125063E7642}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | "{616D60C7-D0CA-4A1E-928F-AF8CC48C26C6}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | "{6B7EB399-EE57-412A-B00E-607098B917CC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{6BF0F855-9064-413B-A727-284F44BC54A7}" = lport=2869 | protocol=6 | dir=in | app=system | "{6CB5E8B7-AABA-4F6B-8AF4-F312A10A45EA}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe | "{72BBCA02-8591-4063-9897-C3337FDB155D}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe | "{86FF54DF-FBCC-4092-8F40-DB5B66438AE4}" = lport=138 | protocol=17 | dir=in | app=system | "{882F44F3-3467-4D26-B6AC-9168BDA5E210}" = rport=445 | protocol=6 | dir=out | app=system | "{89487487-8274-483A-B0E9-18151FB44B57}" = lport=445 | protocol=6 | dir=in | app=system | "{8C19C07A-B4D3-4B5A-A699-C1266660C4A9}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | "{965778AA-73A6-4C5B-87A4-BA9C52F5F536}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe | "{97CE6B14-C883-4592-8A62-F6512791F0B4}" = rport=137 | protocol=17 | dir=out | app=system | "{9AD5818F-899B-480C-954A-BEBB73A8C9BE}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | 
app=%systemroot%\system32\svchost.exe | "{9DAF3760-A043-477F-AE59-8B3D91C02284}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | "{A507FA70-1F8C-4D9E-A16A-678DF0A19711}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe | "{A5EB24BE-66B6-4B66-A50A-182729E59F86}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{AFD01500-56AE-409A-96F2-95F8299332B3}" = lport=49161 | protocol=6 | dir=in | name=akamai netsession interface | "{B0E40B86-63A4-4D59-8F12-D3631AAAC1FD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{B6010058-0FA9-43BC-BC34-3FD945B33A40}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{BAC30578-3B48-49A1-BF7A-C72626CBCD3D}" = lport=5357 | protocol=6 | dir=in | app=system | "{BC868ECA-82D8-4395-8F9E-57CD4FADF269}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | "{C0259041-FE49-4FBE-9AD0-3DE7BD31A95B}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe | "{CD6B6D71-AB49-44D5-A654-6D704D70DA0F}" = rport=5358 | protocol=6 | dir=out | app=system | "{D8C5DB01-B964-483D-A859-7BFB71FDC314}" = lport=137 | protocol=17 | dir=in | app=system | "{DE8246AE-7644-4AFE-A74B-8227AF7FEDE0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{DFC21684-F556-4B5D-9A3A-8300CD80AF97}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{E55E13D4-334E-4403-8180-A9805B71F17A}" = rport=139 | protocol=6 | dir=out | app=system | "{E7A4C04E-9642-455B-8F0A-FC3C1BAD8497}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{EF1A1B29-0CD3-4A7E-AA4B-84CCE454B827}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe | "{F61590D6-E505-4581-B1AA-99192ABC7614}" = lport=rpc-epmap | 
protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{FBE458BA-8047-4EB9-841F-769029900D4C}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | "{FD1F812E-B0DF-4350-86E7-431233B3AE17}" = lport=139 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0211B87B-CCA7-4429-9E46-37F1C4DDA3F7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{02AD431C-6341-4738-84E5-FC77EAA7F88E}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | "{06F81348-3EEC-4668-98A5-AB8EC0811924}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | "{080F3FF1-2482-4AAE-A4BC-F6A3DAE778A1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{0DE19243-92B9-49D3-8237-E0D1B362C445}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | "{2928B73F-FE5C-4018-8C1C-E2576BB023C6}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | "{29CF3C40-8D93-490C-8129-53111D4944E9}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | "{37CC016D-6745-4BAA-B076-7FD97CEF9C96}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{48561C72-8761-4FBB-B87F-8F2CC9BC940F}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | "{4F027D72-C8D5-493D-9ADB-742C7350CD64}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe | "{52D665F7-4988-4215-A183-627ADB930F56}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | "{62BC5299-15A8-4F3D-85D7-EAB9DBDBB0AF}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | "{6E09BC9D-69EC-4CAD-ADC3-C87B48FCA8B5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{7917FD91-C9B8-43C0-8018-760694C5BF20}" = protocol=6 | dir=in | 
app=%programfiles%\windows collaboration\wincollab.exe | "{83E0C7AE-B412-441D-A935-6BB6145312B1}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe | "{8C3A0F9B-A7D1-4B60-8801-9EB0A74B0691}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | "{8D71BDE2-7AAC-46F4-B1F9-25FEE56DE53A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{9A32A6C9-3A3B-4D84-9FD8-FADCCC50C10D}" = protocol=17 | dir=in | app=e:\alicecd.exe | "{9D7334F5-FFA6-4241-AFA2-E7BDE9B7866A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{B1F7C501-7443-4F9B-84BC-4B0DE0478435}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | "{BD4D9D55-EC37-4874-90C6-E942BE656DAE}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | "{C61FCDE4-FB92-452D-95A0-6C9C2B1D6F82}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | "{D37243BA-C9AA-496B-9229-7EA40D772F44}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{E54BBEAA-AF5C-4182-BDAA-9C5E527B146B}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | "{E68CE419-5DF4-41BE-B721-BB0577773AC8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{EA70FDBB-B2E4-402C-8F03-369EB72E5A2B}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | "{EA77EE00-CF71-46AA-865A-714E5D878AC8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{EBC13011-CB9E-434F-96B6-1A6A3EA4D2EC}" = protocol=6 | dir=in | app=e:\alicecd.exe | "{F0C112D6-2FD1-4127-A4FB-1481AACF84A0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{FBDE2F07-9772-4BA0-8CBB-5F48649BF560}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | "TCP Query User{0FA34F7D-F892-4779-B87A-658A0A0F6F8F}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "TCP Query 
User{2B70DF47-7CFE-44DF-B5F0-EC88BEB43A26}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | "TCP Query User{48861F69-933A-4B6B-9FFF-6F69DEAB90CE}C:\users\mama\desktop\wallpaper\die siedler ii - die nächste generation\bin\s2dng.exe" = protocol=6 | dir=in | app=c:\users\mama\desktop\wallpaper\die siedler ii - die nächste generation\bin\s2dng.exe | "TCP Query User{9706EEF2-A872-4195-AFCF-8537369D3716}C:\program files\thq\titan quest\titan quest.exe" = protocol=6 | dir=in | app=c:\program files\thq\titan quest\titan quest.exe | "TCP Query User{9EEE7F04-A3DA-405B-97A6-3A0E0E3F0669}C:\aeriagames\wolfteam-de\wolfteam.bin" = protocol=6 | dir=in | app=c:\aeriagames\wolfteam-de\wolfteam.bin | "TCP Query User{A3C6F137-A86B-45D6-BD26-049FA6474F39}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "TCP Query User{BB2152AC-1DF0-4915-B540-AE2BB8DB09AF}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query User{D8627223-BC6C-472A-BBD3-FAB170D79E38}C:\users\mama\desktop\die siedler ii - die nächste generation\bin\s2dng.exe" = protocol=6 | dir=in | app=c:\users\mama\desktop\die siedler ii - die nächste generation\bin\s2dng.exe | "TCP Query User{DAD7C359-CA1A-46A8-834E-24BBF3D31007}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{E6F9E236-A99B-4112-B529-1ACB0654E8B8}C:\program files\winpcap\rpcapd.exe" = protocol=6 | dir=in | app=c:\program files\winpcap\rpcapd.exe | "UDP Query User{27FC9174-2795-45A2-B002-E5614D9E1FC4}C:\aeriagames\wolfteam-de\wolfteam.bin" = protocol=17 | dir=in | app=c:\aeriagames\wolfteam-de\wolfteam.bin | "UDP Query User{41E0C5EC-36E1-438C-B528-65CB4456F69C}C:\program files\thq\titan quest\titan quest.exe" = protocol=17 | dir=in | app=c:\program files\thq\titan quest\titan quest.exe | "UDP Query 
User{978D44EE-0A9F-4D54-8B0C-DF2F4944EB43}C:\program files\winpcap\rpcapd.exe" = protocol=17 | dir=in | app=c:\program files\winpcap\rpcapd.exe | "UDP Query User{A807774A-E1BC-47EE-BB0C-6A63C47AE302}C:\users\mama\desktop\die siedler ii - die nächste generation\bin\s2dng.exe" = protocol=17 | dir=in | app=c:\users\mama\desktop\die siedler ii - die nächste generation\bin\s2dng.exe | "UDP Query User{A891F6D3-61F4-4A57-AC88-A4B6C00995FE}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query User{C84D26DD-729E-4864-8870-256BE4195642}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{C92C88EE-DA07-46AB-B88A-2F9EFDBD410C}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | "UDP Query User{CD6AF78C-BD25-4B81-8806-45C70A2FFA93}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{ED7206FE-E5C3-45AF-B2C3-0453C9F7B1F6}C:\users\mama\desktop\wallpaper\die siedler ii - die nächste generation\bin\s2dng.exe" = protocol=17 | dir=in | app=c:\users\mama\desktop\wallpaper\die siedler ii - die nächste generation\bin\s2dng.exe | "UDP Query User{FA43E5A3-E0D2-49D0-81DA-D51F5B19875A}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform 
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7A2A107B-9695-423F-9462-8F17C178BD35}" = TP-LINK-Clientinstallationsprogramm "{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver "{8E9DB7EF-5DD3-499E-BA2A-A1F3153A4DF8}" = Adobe Flash Player 9 ActiveX "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}" = FirstSteps Diagnostics "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution "{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials 
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "3 Days. Zoo Mystery/DE-German_is1" = 3 Days. Zoo Mystery "3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0) "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Affair Bureau" = Affair Bureau "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9 "ASIO4ALL" = ASIO4ALL "Avira AntiVir Desktop" = Avira Free Antivirus "DAEMON Tools Lite" = DAEMON Tools Lite "DivX Setup" = DivX-Setup "DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER "Escape from Lost Island" = Escape from Lost Island "FL Studio 10" = FL Studio 10 "IL Download Manager" = IL Download Manager "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager "InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "Jewel Mystery: Die Villa" = Jewel Mystery: Die Villa "Jules Vernes: Das Abenteuer Jangada" = Jules Vernes: Das Abenteuer Jangada "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300 "Messenger Plus!" = Messenger Plus! 
5 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Midnight Mysteries: Teufel auf dem Mississippi" = Midnight Mysteries: Teufel auf dem Mississippi "Mobile Partner" = Mobile Partner "Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Odyssee ins Ungewisse" = Odyssee ins Ungewisse "Picasa 3" = Picasa 3 "SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set "Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software "Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software "SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software "SiS163u" = Fujitsu Siemens Computers WLAN 802.11b/g (SiS163u) "SpeedFan" = SpeedFan (remove only) "SynTPDeinstKey" = Synaptics Pointing Device Driver "The Mystery of the Mary Celeste/DE-German_is1" = Das Geheimnis der Mary Celeste "Uninstall_is1" = Uninstall 1.0.0.1 "VIA Chrome9 HC IGP Family Windows Vista Display" = VIA Chrome9 HC IGP Family Windows Vista Display "VLC media player" = VLC media player 1.1.7 "VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast-Ethernet Adapter "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-559149942-3163695425-1619497223-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 16.08.2012 
18:17:12 | Computer Name = Mama-PC | Source = EventSystem | ID = 4609 Description = Error - 16.08.2012 18:20:52 | Computer Name = Mama-PC | Source = Microsoft-Windows-CAPI2 | ID = 131584 Description = Error - 16.08.2012 18:29:25 | Computer Name = Mama-PC | Source = WerSvc | ID = 5007 Description = Error - 16.08.2012 18:54:36 | Computer Name = Mama-PC | Source = WerSvc | ID = 5007 Description = Error - 16.08.2012 20:38:04 | Computer Name = Mama-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung NightmareOnThePacific_og.exe, Version 1.1.1.4, Zeitstempel 0x4d4fd2da, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x4ada6f00, Prozess-ID 0xf04, Anwendungsstartzeit 01cd7c0b9a20c400. Error - 17.08.2012 05:34:19 | Computer Name = Mama-PC | Source = WerSvc | ID = 5007 Description = Error - 17.08.2012 06:47:32 | Computer Name = Mama-PC | Source = Application Hang | ID = 1002 Description = Programm OTL.exe, Version 3.2.55.0 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 738 Anfangszeit: 01cd7c656c3cb2b7 Zeitpunkt der Beendigung: 16 Error - 17.08.2012 06:48:35 | Computer Name = Mama-PC | Source = Application Hang | ID = 1002 Description = Programm OTL.exe, Version 3.2.55.0 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: e6c Anfangszeit: 01cd7c65bc708e5c Zeitpunkt der Beendigung: 16 Error - 17.08.2012 06:50:40 | Computer Name = Mama-PC | Source = Application Hang | ID = 1002 Description = Programm OTL.exe, Version 3.2.55.0 arbeitet nicht mehr mit Windows zusammen und wurde beendet. 
Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: fd0 Anfangszeit: 01cd7c65de3bde10 Zeitpunkt der Beendigung: 0 Error - 17.08.2012 06:51:03 | Computer Name = Mama-PC | Source = WerSvc | ID = 5007 Description = [ System Events ] Error - 16.08.2012 18:48:13 | Computer Name = Mama-PC | Source = Service Control Manager | ID = 7001 Description = Error - 16.08.2012 18:48:13 | Computer Name = Mama-PC | Source = Service Control Manager | ID = 7001 Description = Error - 17.08.2012 05:27:44 | Computer Name = Mama-PC | Source = Service Control Manager | ID = 7001 Description = Error - 17.08.2012 05:27:58 | Computer Name = Mama-PC | Source = Service Control Manager | ID = 7001 Description = Error - 17.08.2012 05:27:58 | Computer Name = Mama-PC | Source = Service Control Manager | ID = 7001 Description = Error - 17.08.2012 05:32:55 | Computer Name = Mama-PC | Source = Service Control Manager | ID = 7022 Description = Error - 17.08.2012 06:43:19 | Computer Name = Mama-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 17.08.2012 um 12:11:44 unerwartet heruntergefahren. Error - 17.08.2012 06:44:58 | Computer Name = Mama-PC | Source = Service Control Manager | ID = 7001 Description = Error - 17.08.2012 06:44:58 | Computer Name = Mama-PC | Source = Service Control Manager | ID = 7001 Description = Error - 17.08.2012 06:44:58 | Computer Name = Mama-PC | Source = Service Control Manager | ID = 7001 Description = < End of report > |
17.08.2012, 15:55 | #2 |
/// Helfer-Team | Fix with OTL. Download OTL by Oldtimer (if you do not already have it) and save it to your desktop (not anywhere else).
Code:
ATTFilter :OTL
DRV - (WG111T) -- system32\DRIVERS\WG111Tv.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (huawei_enumerator) -- system32\DRIVERS\ew_jubusenum.sys File not found
DRV - (ew_hwusbdev) -- system32\DRIVERS\ew_hwusbdev.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-559149942-3163695425-1619497223-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-559149942-3163695425-1619497223-1000\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found
IE - HKU\S-1-5-21-559149942-3163695425-1619497223-1000\..\SearchScopes,DefaultScope = {19AD08EA-03F1-488E-B94B-C05722DA6C8D}
IE - HKU\S-1-5-21-559149942-3163695425-1619497223-1000\..\SearchScopes\{19AD08EA-03F1-488E-B94B-C05722DA6C8D}: "URL" = http://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-559149942-3163695425-1619497223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Edit/Remove the Ravenwood Fair Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O3 - HKLM\..\Toolbar: (Edit/Remove the Ravenwood Fair Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O3 - HKU\S-1-5-21-559149942-3163695425-1619497223-1000\..\Toolbar\WebBrowser: (Edit/Remove the Ravenwood Fair Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [recinfo28] c:\RecInfo\RecInfo.exe ()
O4 - HKU\S-1-5-21-559149942-3163695425-1619497223-1000..\Run: [huufr.exe] C:\Users\Mama\AppData\Roaming\Ugih\huufr.exe File not found
O4 - Startup: C:\Users\Mama\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_14.08.2012_12-35.lnk = C:\Users\Mama\Desktop\DE-Cleaner powered by Kaspersky\setup_9.0.0.722_14.08.2012_12-35\startup.exe ()
O7 - HKU\S-1-5-21-559149942-3163695425-1619497223-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3200d7af-5eb3-11e0-865d-001e3302a02e}\Shell - "" = AutoRun
O33 - MountPoints2\{3200d7af-5eb3-11e0-865d-001e3302a02e}\Shell\AutoRun\command - "" = F:\Install.exe
O33 - MountPoints2\{33733f7c-d2ad-11e1-a34f-001e101f0b17}\Shell - "" = AutoRun
O33 - MountPoints2\{33733f7c-d2ad-11e1-a34f-001e101f0b17}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{544d178e-230c-11e0-9dc7-001e3302a02e}\Shell - "" = AutoRun
O33 - MountPoints2\{544d178e-230c-11e0-9dc7-001e3302a02e}\Shell\AutoRun\command - "" = F:\Startme.exe
O33 - MountPoints2\{65f9b9a5-3ce4-11e0-9af2-001e3302a02e}\Shell - "" = AutoRun
O33 - MountPoints2\{65f9b9a5-3ce4-11e0-9af2-001e3302a02e}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{65f9b9f6-3ce4-11e0-9af2-001e3302a02e}\Shell - "" = AutoRun
O33 - MountPoints2\{65f9b9f6-3ce4-11e0-9af2-001e3302a02e}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{7b7474c3-c4e5-11df-a6c4-001e3302a02e}\Shell - "" = AutoRun
O33 - MountPoints2\{7b7474c3-c4e5-11df-a6c4-001e3302a02e}\Shell\AutoRun\command - "" = F:\Startme.exe
O33 - MountPoints2\{9bf27ca3-bc61-11e1-84b7-001e3302a02e}\Shell - "" = AutoRun
O33 - MountPoints2\{9bf27ca3-bc61-11e1-84b7-001e3302a02e}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{9bf27cb2-bc61-11e1-84b7-001e3302a02e}\Shell - "" = AutoRun
O33 - MountPoints2\{9bf27cb2-bc61-11e1-84b7-001e3302a02e}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{b0ae517d-9744-11df-bd71-001e3302a02e}\Shell - "" = AutoRun
O33 - MountPoints2\{b0ae517d-9744-11df-bd71-001e3302a02e}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{f8f03d80-c026-11df-8ebf-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f8f03d80-c026-11df-8ebf-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f8f03e18-c026-11df-8ebf-001e3302a02e}\Shell - "" = AutoRun
O33 - MountPoints2\{f8f03e18-c026-11df-8ebf-001e3302a02e}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f9d3af1a-c0bc-11df-86e1-001e101f4363}\Shell - "" = AutoRun
O33 - MountPoints2\{f9d3af1a-c0bc-11df-86e1-001e101f4363}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
[2012.08.17 00:14:06 | 004,503,728 | ---- | M] () -- C:\ProgramData\ism_0_llatsni.pad
@Alternate Data Stream - 403 bytes -> C:\ProgramData\Temp:6891C915
@Alternate Data Stream - 392 bytes -> C:\ProgramData\Temp:CE1DA626
@Alternate Data Stream - 391 bytes -> C:\ProgramData\Temp:E603155F
@Alternate Data Stream - 380 bytes -> C:\ProgramData\Temp:8B38FB22
@Alternate Data Stream - 378 bytes -> C:\ProgramData\Temp:98838593
@Alternate Data Stream - 375 bytes -> C:\ProgramData\Temp:691A064E
@Alternate Data Stream - 375 bytes -> C:\ProgramData\Temp:66CBBDB8
@Alternate Data Stream - 370 bytes -> C:\ProgramData\Temp:B203B914
@Alternate Data Stream - 367 bytes -> C:\ProgramData\Temp:75B3F7A3
@Alternate Data Stream - 364 bytes -> C:\ProgramData\Temp:4B112591
@Alternate Data Stream - 359 bytes -> C:\ProgramData\Temp:401444AD
@Alternate Data Stream - 159 bytes -> C:\ProgramData\Temp:D323F5EF
@Alternate Data Stream - 158 bytes -> C:\ProgramData\Temp:136DD674
@Alternate Data Stream - 157 bytes -> C:\ProgramData\Temp:EC2C753C
@Alternate Data Stream - 156 bytes -> C:\ProgramData\Temp:A90435A2
@Alternate Data Stream - 156 bytes -> C:\ProgramData\Temp:65E5A65A
@Alternate Data Stream - 155 bytes -> C:\ProgramData\Temp:BF3CB074
@Alternate Data Stream - 153 bytes -> C:\ProgramData\Temp:D624FC7E
@Alternate Data Stream - 153 bytes -> C:\ProgramData\Temp:8F7ECF6A
@Alternate Data Stream - 152 bytes -> C:\ProgramData\Temp:E1069F99
@Alternate Data Stream - 152 bytes -> C:\ProgramData\Temp:D612C9AF
@Alternate Data Stream - 152 bytes -> C:\ProgramData\Temp:CAA2D3CC
@Alternate Data Stream - 152 bytes -> C:\ProgramData\Temp:92DC6D95
@Alternate Data Stream - 152 bytes -> C:\ProgramData\Temp:91CF76E3
@Alternate Data Stream - 152 bytes -> C:\ProgramData\Temp:4FADDE0F
@Alternate Data Stream - 152 bytes -> C:\ProgramData\Temp:14982C34
@Alternate Data Stream - 151 bytes -> C:\ProgramData\Temp:D44D0CA3
@Alternate Data Stream - 151 bytes -> C:\ProgramData\Temp:CCBF0D67
@Alternate Data Stream - 150 bytes -> C:\ProgramData\Temp:799B8AA7
@Alternate Data Stream - 150 bytes -> C:\ProgramData\Temp:5B2D0200
@Alternate Data Stream - 150 bytes -> C:\ProgramData\Temp:072B9E55
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:FE287FAF
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:B45E2DC6
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:87C92DF3
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:864A52B8
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:5E0617AC
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:2BEBE57F
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:26140299
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:24AB14E7
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:E60A0116
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:9F9D57FD
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:9DDF16A0
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:981349EA
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:4B6FD339
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:1F2BE70F
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:B5C74AE4
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:8F54A01C
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:72E546C1
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:3A172552
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:EB3A09D6
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:DB051353
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:D156DCC8
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:C40E212B
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:B8B102B9
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:76AA316A
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:6094C43B
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:0AE8FC60
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:E380FC9B
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:926B6E7A
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:8AD8C82D
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:6CBAF5F3
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:4E87B1CC
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:8C458D50
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:1E66EE85
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:1E3397DC
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:C8E9D804
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:C70C12CF
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:8C885EDD
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:71D06554
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:42942A7F
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:0BFCB272
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:E89EDC52
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:D5805A05
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:C953979F
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:C7052D89
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:C3A4217C
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:A38E5103
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:46D3A554
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:EAB1AD1B
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:8BBD1F9A
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:7C0CBD4C
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:6D9FC225
@Alternate
Data Stream - 141 bytes -> C:\ProgramData\Temp:63A71C6F @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:52FE3CCD @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:42275BC2 @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:2A578A48 @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:D1FD226D @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:CF2C26D2 @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:7E7C5DB5 @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:45AF97B8 @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:20B9E63F @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:0D31DA45 @Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:FA454DFF @Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:F97550B0 @Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:D3FFFBA9 @Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:B652B720 @Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:5095D8B1 @Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:3B9582E0 @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:DD3F5AF4 @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:70D21A0C @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:31DA63EA @Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:E79EFDA4 @Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:D478F292 @Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:A724744F @Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:5D51D132 @Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:17DA7CD5 @Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:CC3B950A @Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:AABA76BE @Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:A98B0BB8 @Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:A047BC0D @Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:940ECC98 @Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:7A0A894A 
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:550179F5 @Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:541F9F51 @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:861A898F @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:7B2BC634 @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:3F22DA14 @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:3031D8E8 @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:B894C266 @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:A9C63474 @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:6F160860 @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:371C7196 @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:2EB8C6BB @Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:E98C5DD9 @Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:AA7BE830 @Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:A5584049 @Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:2020565D @Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:956EC010 @Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:726A7C8D @Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:687D1056 @Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:3005D353 @Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:23CB5E78 @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:F01E7F17 @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:BDDE9892 @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:68C4BECC @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:1AE31F2A @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:FF25B447 @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:E60D24D7 @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:DBCF903F @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:A9D9351A @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:7DBF4CE6 @Alternate Data Stream - 129 bytes -> 
C:\ProgramData\Temp:68AB648F @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:2A615C9C @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:F878F14A @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:BBA04CB2 @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:0C5A6770 @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:FDAF118C @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:C0601E00 @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:BC521608 @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:735575D8 @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:20BC9A76 @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:D4DCC75D @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:B5A5F21A @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:8F925134 @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:4D066AD2 @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:D4A7C55A @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:C8F88A8F @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:C2F24DB5 @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:7C3E753C @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:798F4CE4 @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:5A27D490 @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:C44E62F1 @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:7E27CEAF @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:8C443193 @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:85316D14 @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:84E5776A @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:3FC46878 @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:389D51A1 @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:3095BD69 @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:8AB6C1D7 @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:373C6DC2 @Alternate Data Stream - 
119 bytes -> C:\ProgramData\Temp:580E04D8 @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:F1FE38D7 @Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:2FAFBD6A [2012.08.12 01:14:32 | 000,000,890 | ---- | M] () -- C:\Users\Public\Desktop\GAME CENTER.lnk [2012.08.12 01:15:41 | 000,001,046 | ---- | M] () -- C:\Users\Public\Desktop\Affair Bureau.lnk [2012.08.12 01:15:29 | 000,001,142 | ---- | M] () -- C:\Users\Public\Desktop\Jewel Mystery Die Villa.lnk [2012.08.12 01:16:51 | 000,001,130 | ---- | M] () -- C:\Users\Public\Desktop\Odyssee ins Ungewisse.lnk [2012.08.12 01:16:39 | 000,001,142 | ---- | M] () -- C:\Users\Public\Desktop\Escape from Lost Island.lnk :Files ipconfig /flushdns /c :Commands [purity] [emptytemp]
Note for anyone reading along: the OTL script above was written exclusively for this user in this situation. Never run it on other computers; it can permanently damage other systems!
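For readers who want to check the same persistence points on their own machine, here is an added read-only triage script. It is not part of this thread and not part of OTL; it only lists what the fix above acts on (the MountPoints2 AutoRun commands behind the O33 lines, alternate data streams under C:\ProgramData, the Run keys, and the AutoRun policy values) so you can compare a system before and after a fix. It assumes PowerShell 3.0 or later for the -Stream parameter (on a Vista machine with PowerShell 2.0, as in this thread, `dir /R C:\ProgramData` in cmd.exe lists the streams instead) and an elevated prompt; the function names are my own.

```powershell
# Added read-only triage helper (not from this thread, not part of OTL).
# Assumes PowerShell 3.0+ (Get-Item -Stream) and an elevated prompt.
# Function names are my own.

$ErrorActionPreference = 'SilentlyContinue'

# 1) MountPoints2: per-volume AutoRun shell commands, i.e. the O33 entries in
#    the OTL script. Each subkey is a volume GUID (or a drive letter); the
#    default value of Shell\AutoRun\command is what Explorer runs on
#    double-click. AutoRun.exe / Startme.exe on a removable drive letter is
#    the classic USB-worm pattern; LaunchU3.exe is the SanDisk U3 launcher.
function Get-MountPointAutoRun {
    $base = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
    if (-not (Test-Path $base)) { return }
    foreach ($name in (Get-ChildItem -Path $base -Name)) {
        $cmdKey = "$base\$name\Shell\AutoRun\command"
        if (Test-Path $cmdKey) {
            [pscustomobject]@{
                Volume  = $name
                Command = (Get-ItemProperty -Path $cmdKey).'(default)'
            }
        }
    }
}

# 2) Alternate data streams on the direct children of a directory. In this
#    thread the streams hang off the folder C:\ProgramData\Temp itself, so we
#    look at the entries of C:\ProgramData rather than recursing into it.
#    ':$DATA' is the ordinary file content and Zone.Identifier is the benign
#    mark-of-the-web on downloaded files; everything else gets reported.
#    If your PowerShell lists nothing for a folder, fall back to `dir /R`.
function Get-AlternateStreams {
    param([string]$Path = 'C:\ProgramData')
    Get-ChildItem -LiteralPath $Path -Force |
        ForEach-Object { Get-Item -LiteralPath $_.FullName -Stream * } |
        Where-Object { $_.Stream -ne ':$DATA' -and $_.Stream -ne 'Zone.Identifier' } |
        Select-Object FileName, Stream, Length
}

# 3) Run keys for the machine and the current user (the huufr.exe entry in
#    the fix log above lived under the user's Run key). The PS* properties
#    are provider metadata added by Get-ItemProperty, not registry values.
function Get-RunEntries {
    $keys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    foreach ($k in $keys) {
        if (-not (Test-Path $k)) { continue }
        (Get-ItemProperty -Path $k).PSObject.Properties |
            Where-Object { $_.Name -notmatch '^PS(Path|ParentPath|ChildName|Drive|Provider)$' } |
            ForEach-Object {
                [pscustomobject]@{ Key = $k; Name = $_.Name; Command = $_.Value }
            }
    }
}

# 4) The two AutoRun switches the fix touched: the per-user NoDriveTypeAutoRun
#    policy (deleted by the fix) and Cdrom\AutoRun (set back to 1). A value of
#    0xFF (255) in NoDriveTypeAutoRun disables AutoRun for every drive type;
#    $null means the value is absent and the Windows default applies.
function Get-AutoRunSettings {
    $userPol    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    $machinePol = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    $cdrom      = 'HKLM:\SYSTEM\CurrentControlSet\Services\Cdrom'
    [pscustomobject]@{
        User_NoDriveTypeAutoRun    = (Get-ItemProperty -Path $userPol).NoDriveTypeAutoRun
        Machine_NoDriveTypeAutoRun = (Get-ItemProperty -Path $machinePol).NoDriveTypeAutoRun
        Cdrom_AutoRun              = (Get-ItemProperty -Path $cdrom).AutoRun
    }
}

'--- MountPoints2 AutoRun commands ---'
Get-MountPointAutoRun | Format-Table -AutoSize
'--- Alternate data streams under C:\ProgramData ---'
Get-AlternateStreams | Format-Table -AutoSize
'--- Run keys ---'
Get-RunEntries | Format-Table -AutoSize
'--- AutoRun settings ---'
Get-AutoRunSettings | Format-List
```

Two things worth knowing when reading the output. First, the script only reports; deciding what is malicious still needs the judgement the helper applied above (a MountPoints2 entry for a long-gone camera or U3 stick is stale clutter, not an infection). Second, the fix above deleted the user's NoDriveTypeAutoRun policy and set Cdrom\AutoRun back to 1, which restores the Windows defaults; if you would rather keep AutoRun disabled for all drive types after cleanup, setting NoDriveTypeAutoRun to 0xFF under the HKLM Policies\Explorer key does that.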
17.08.2012, 16:10 | #3 |
GVU Trojaner Infektion Windows Vista Here is the requested OTL file:
Code:
ATTFilter All processes killed ========== OTL ========== Service WG111T stopped successfully! Service WG111T deleted successfully! File system32\DRIVERS\WG111Tv.sys File not found not found. Service NwlnkFwd stopped successfully! Service NwlnkFwd deleted successfully! File system32\DRIVERS\nwlnkfwd.sys File not found not found. Service NwlnkFlt stopped successfully! Service NwlnkFlt deleted successfully! File system32\DRIVERS\nwlnkflt.sys File not found not found. Service IpInIp stopped successfully! Service IpInIp deleted successfully! File system32\DRIVERS\ipinip.sys File not found not found. Service huawei_enumerator stopped successfully! Service huawei_enumerator deleted successfully! File system32\DRIVERS\ew_jubusenum.sys File not found not found. Service ew_hwusbdev stopped successfully! Service ew_hwusbdev deleted successfully! File system32\DRIVERS\ew_hwusbdev.sys File not found not found. Service blbdrive stopped successfully! Service blbdrive deleted successfully! File C:\Windows\system32\drivers\blbdrive.sys File not found not found. HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ not found. HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! 
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! HKU\S-1-5-21-559149942-3163695425-1619497223-1000\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully! Registry value HKEY_USERS\S-1-5-21-559149942-3163695425-1619497223-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{40c3cc16-7269-4b32-9531-17f2950fb06f} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ not found. HKEY_USERS\S-1-5-21-559149942-3163695425-1619497223-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_USERS\S-1-5-21-559149942-3163695425-1619497223-1000\Software\Microsoft\Internet Explorer\SearchScopes\{19AD08EA-03F1-488E-B94B-C05722DA6C8D}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19AD08EA-03F1-488E-B94B-C05722DA6C8D}\ not found. HKU\S-1-5-21-559149942-3163695425-1619497223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! Prefs.js: "about:blank" removed from browser.startup.homepage Prefs.js: 4 removed from network.proxy.type Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@oberon-media.com/ONCAdapter\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully. 
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. Registry value HKEY_USERS\S-1-5-21-559149942-3163695425-1619497223-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate deleted successfully. C:\Program Files\DivX\DivX Update\DivXUpdate.exe moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NPSStartup deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\recinfo28 deleted successfully. c:\RecInfo\RecInfo.exe moved successfully. Registry value HKEY_USERS\S-1-5-21-559149942-3163695425-1619497223-1000\Software\Microsoft\Windows\CurrentVersion\Run\\huufr.exe deleted successfully. C:\Users\Mama\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_14.08.2012_12-35.lnk moved successfully. C:\Users\Mama\Desktop\DE-Cleaner powered by Kaspersky\setup_9.0.0.722_14.08.2012_12-35\startup.exe moved successfully. Registry value HKEY_USERS\S-1-5-21-559149942-3163695425-1619497223-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully. Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. 
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Starting removal of ActiveX control {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! C:\autoexec.bat moved successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3200d7af-5eb3-11e0-865d-001e3302a02e}\ deleted successfully. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3200d7af-5eb3-11e0-865d-001e3302a02e}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3200d7af-5eb3-11e0-865d-001e3302a02e}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3200d7af-5eb3-11e0-865d-001e3302a02e}\ not found. File F:\Install.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{33733f7c-d2ad-11e1-a34f-001e101f0b17}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33733f7c-d2ad-11e1-a34f-001e101f0b17}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{33733f7c-d2ad-11e1-a34f-001e101f0b17}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33733f7c-d2ad-11e1-a34f-001e101f0b17}\ not found. File G:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{544d178e-230c-11e0-9dc7-001e3302a02e}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{544d178e-230c-11e0-9dc7-001e3302a02e}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{544d178e-230c-11e0-9dc7-001e3302a02e}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{544d178e-230c-11e0-9dc7-001e3302a02e}\ not found. File F:\Startme.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{65f9b9a5-3ce4-11e0-9af2-001e3302a02e}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65f9b9a5-3ce4-11e0-9af2-001e3302a02e}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{65f9b9a5-3ce4-11e0-9af2-001e3302a02e}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65f9b9a5-3ce4-11e0-9af2-001e3302a02e}\ not found. 
File F:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{65f9b9f6-3ce4-11e0-9af2-001e3302a02e}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65f9b9f6-3ce4-11e0-9af2-001e3302a02e}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{65f9b9f6-3ce4-11e0-9af2-001e3302a02e}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65f9b9f6-3ce4-11e0-9af2-001e3302a02e}\ not found. File F:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b7474c3-c4e5-11df-a6c4-001e3302a02e}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b7474c3-c4e5-11df-a6c4-001e3302a02e}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b7474c3-c4e5-11df-a6c4-001e3302a02e}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b7474c3-c4e5-11df-a6c4-001e3302a02e}\ not found. File F:\Startme.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9bf27ca3-bc61-11e1-84b7-001e3302a02e}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9bf27ca3-bc61-11e1-84b7-001e3302a02e}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9bf27ca3-bc61-11e1-84b7-001e3302a02e}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9bf27ca3-bc61-11e1-84b7-001e3302a02e}\ not found. File G:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9bf27cb2-bc61-11e1-84b7-001e3302a02e}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9bf27cb2-bc61-11e1-84b7-001e3302a02e}\ not found. 
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9bf27cb2-bc61-11e1-84b7-001e3302a02e}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9bf27cb2-bc61-11e1-84b7-001e3302a02e}\ not found. File G:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b0ae517d-9744-11df-bd71-001e3302a02e}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b0ae517d-9744-11df-bd71-001e3302a02e}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b0ae517d-9744-11df-bd71-001e3302a02e}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b0ae517d-9744-11df-bd71-001e3302a02e}\ not found. File G:\LaunchU3.exe -a not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8f03d80-c026-11df-8ebf-806e6f6e6963}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f8f03d80-c026-11df-8ebf-806e6f6e6963}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8f03d80-c026-11df-8ebf-806e6f6e6963}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f8f03d80-c026-11df-8ebf-806e6f6e6963}\ not found. File F:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8f03e18-c026-11df-8ebf-001e3302a02e}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f8f03e18-c026-11df-8ebf-001e3302a02e}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8f03e18-c026-11df-8ebf-001e3302a02e}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f8f03e18-c026-11df-8ebf-001e3302a02e}\ not found. File F:\AutoRun.exe not found. 
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f9d3af1a-c0bc-11df-86e1-001e101f4363}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f9d3af1a-c0bc-11df-86e1-001e101f4363}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f9d3af1a-c0bc-11df-86e1-001e101f4363}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f9d3af1a-c0bc-11df-86e1-001e101f4363}\ not found. File F:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found. File F:\AutoRun.exe not found. C:\ProgramData\ism_0_llatsni.pad moved successfully. ADS C:\ProgramData\Temp:6891C915 deleted successfully. ADS C:\ProgramData\Temp:CE1DA626 deleted successfully. ADS C:\ProgramData\Temp:E603155F deleted successfully. ADS C:\ProgramData\Temp:8B38FB22 deleted successfully. ADS C:\ProgramData\Temp:98838593 deleted successfully. ADS C:\ProgramData\Temp:691A064E deleted successfully. ADS C:\ProgramData\Temp:66CBBDB8 deleted successfully. ADS C:\ProgramData\Temp:B203B914 deleted successfully. ADS C:\ProgramData\Temp:75B3F7A3 deleted successfully. ADS C:\ProgramData\Temp:4B112591 deleted successfully. ADS C:\ProgramData\Temp:401444AD deleted successfully. ADS C:\ProgramData\Temp:D323F5EF deleted successfully. ADS C:\ProgramData\Temp:136DD674 deleted successfully. ADS C:\ProgramData\Temp:EC2C753C deleted successfully. ADS C:\ProgramData\Temp:A90435A2 deleted successfully. ADS C:\ProgramData\Temp:65E5A65A deleted successfully. ADS C:\ProgramData\Temp:BF3CB074 deleted successfully. ADS C:\ProgramData\Temp:D624FC7E deleted successfully. ADS C:\ProgramData\Temp:8F7ECF6A deleted successfully. ADS C:\ProgramData\Temp:E1069F99 deleted successfully. 
ADS C:\ProgramData\Temp:D612C9AF deleted successfully. ADS C:\ProgramData\Temp:CAA2D3CC deleted successfully. ADS C:\ProgramData\Temp:92DC6D95 deleted successfully. ADS C:\ProgramData\Temp:91CF76E3 deleted successfully. ADS C:\ProgramData\Temp:4FADDE0F deleted successfully. ADS C:\ProgramData\Temp:14982C34 deleted successfully. ADS C:\ProgramData\Temp:D44D0CA3 deleted successfully. ADS C:\ProgramData\Temp:CCBF0D67 deleted successfully. ADS C:\ProgramData\Temp:799B8AA7 deleted successfully. ADS C:\ProgramData\Temp:5B2D0200 deleted successfully. ADS C:\ProgramData\Temp:072B9E55 deleted successfully. ADS C:\ProgramData\Temp:FE287FAF deleted successfully. ADS C:\ProgramData\Temp:B45E2DC6 deleted successfully. ADS C:\ProgramData\Temp:87C92DF3 deleted successfully. ADS C:\ProgramData\Temp:864A52B8 deleted successfully. ADS C:\ProgramData\Temp:5E0617AC deleted successfully. ADS C:\ProgramData\Temp:2BEBE57F deleted successfully. ADS C:\ProgramData\Temp:26140299 deleted successfully. ADS C:\ProgramData\Temp:24AB14E7 deleted successfully. ADS C:\ProgramData\Temp:E60A0116 deleted successfully. ADS C:\ProgramData\Temp:9F9D57FD deleted successfully. ADS C:\ProgramData\Temp:9DDF16A0 deleted successfully. ADS C:\ProgramData\Temp:981349EA deleted successfully. ADS C:\ProgramData\Temp:4B6FD339 deleted successfully. ADS C:\ProgramData\Temp:1F2BE70F deleted successfully. ADS C:\ProgramData\Temp:B5C74AE4 deleted successfully. ADS C:\ProgramData\Temp:8F54A01C deleted successfully. ADS C:\ProgramData\Temp:72E546C1 deleted successfully. ADS C:\ProgramData\Temp:3A172552 deleted successfully. ADS C:\ProgramData\Temp:EB3A09D6 deleted successfully. ADS C:\ProgramData\Temp:DB051353 deleted successfully. ADS C:\ProgramData\Temp:D156DCC8 deleted successfully. ADS C:\ProgramData\Temp:C40E212B deleted successfully. ADS C:\ProgramData\Temp:B8B102B9 deleted successfully. ADS C:\ProgramData\Temp:76AA316A deleted successfully. ADS C:\ProgramData\Temp:6094C43B deleted successfully. 
ADS C:\ProgramData\Temp:0AE8FC60 deleted successfully. ADS C:\ProgramData\Temp:E380FC9B deleted successfully. ADS C:\ProgramData\Temp:926B6E7A deleted successfully. ADS C:\ProgramData\Temp:8AD8C82D deleted successfully. ADS C:\ProgramData\Temp:6CBAF5F3 deleted successfully. ADS C:\ProgramData\Temp:4E87B1CC deleted successfully. ADS C:\ProgramData\Temp:8C458D50 deleted successfully. ADS C:\ProgramData\Temp:1E66EE85 deleted successfully. ADS C:\ProgramData\Temp:1E3397DC deleted successfully. ADS C:\ProgramData\Temp:C8E9D804 deleted successfully. ADS C:\ProgramData\Temp:C70C12CF deleted successfully. ADS C:\ProgramData\Temp:8C885EDD deleted successfully. ADS C:\ProgramData\Temp:71D06554 deleted successfully. ADS C:\ProgramData\Temp:42942A7F deleted successfully. ADS C:\ProgramData\Temp:0BFCB272 deleted successfully. ADS C:\ProgramData\Temp:E89EDC52 deleted successfully. ADS C:\ProgramData\Temp:D5805A05 deleted successfully. ADS C:\ProgramData\Temp:C953979F deleted successfully. ADS C:\ProgramData\Temp:C7052D89 deleted successfully. ADS C:\ProgramData\Temp:C3A4217C deleted successfully. ADS C:\ProgramData\Temp:A38E5103 deleted successfully. ADS C:\ProgramData\Temp:46D3A554 deleted successfully. ADS C:\ProgramData\Temp:EAB1AD1B deleted successfully. ADS C:\ProgramData\Temp:8BBD1F9A deleted successfully. ADS C:\ProgramData\Temp:7C0CBD4C deleted successfully. ADS C:\ProgramData\Temp:6D9FC225 deleted successfully. ADS C:\ProgramData\Temp:63A71C6F deleted successfully. ADS C:\ProgramData\Temp:52FE3CCD deleted successfully. ADS C:\ProgramData\Temp:42275BC2 deleted successfully. ADS C:\ProgramData\Temp:2A578A48 deleted successfully. ADS C:\ProgramData\Temp:D1FD226D deleted successfully. ADS C:\ProgramData\Temp:CF2C26D2 deleted successfully. ADS C:\ProgramData\Temp:7E7C5DB5 deleted successfully. ADS C:\ProgramData\Temp:45AF97B8 deleted successfully. ADS C:\ProgramData\Temp:20B9E63F deleted successfully. ADS C:\ProgramData\Temp:0D31DA45 deleted successfully. 
ADS C:\ProgramData\Temp:FA454DFF deleted successfully. ADS C:\ProgramData\Temp:F97550B0 deleted successfully. ADS C:\ProgramData\Temp:D3FFFBA9 deleted successfully. ADS C:\ProgramData\Temp:B652B720 deleted successfully. ADS C:\ProgramData\Temp:5095D8B1 deleted successfully. ADS C:\ProgramData\Temp:3B9582E0 deleted successfully. ADS C:\ProgramData\Temp:DD3F5AF4 deleted successfully. ADS C:\ProgramData\Temp:70D21A0C deleted successfully. ADS C:\ProgramData\Temp:31DA63EA deleted successfully. ADS C:\ProgramData\Temp:E79EFDA4 deleted successfully. ADS C:\ProgramData\Temp:D478F292 deleted successfully. ADS C:\ProgramData\Temp:A724744F deleted successfully. ADS C:\ProgramData\Temp:5D51D132 deleted successfully. ADS C:\ProgramData\Temp:17DA7CD5 deleted successfully. ADS C:\ProgramData\Temp:CC3B950A deleted successfully. ADS C:\ProgramData\Temp:AABA76BE deleted successfully. ADS C:\ProgramData\Temp:A98B0BB8 deleted successfully. ADS C:\ProgramData\Temp:A047BC0D deleted successfully. ADS C:\ProgramData\Temp:940ECC98 deleted successfully. ADS C:\ProgramData\Temp:7A0A894A deleted successfully. ADS C:\ProgramData\Temp:550179F5 deleted successfully. ADS C:\ProgramData\Temp:541F9F51 deleted successfully. ADS C:\ProgramData\Temp:861A898F deleted successfully. ADS C:\ProgramData\Temp:7B2BC634 deleted successfully. ADS C:\ProgramData\Temp:3F22DA14 deleted successfully. ADS C:\ProgramData\Temp:3031D8E8 deleted successfully. ADS C:\ProgramData\Temp:B894C266 deleted successfully. ADS C:\ProgramData\Temp:A9C63474 deleted successfully. ADS C:\ProgramData\Temp:6F160860 deleted successfully. ADS C:\ProgramData\Temp:371C7196 deleted successfully. ADS C:\ProgramData\Temp:2EB8C6BB deleted successfully. ADS C:\ProgramData\Temp:E98C5DD9 deleted successfully. ADS C:\ProgramData\Temp:AA7BE830 deleted successfully. ADS C:\ProgramData\Temp:A5584049 deleted successfully. ADS C:\ProgramData\Temp:2020565D deleted successfully. ADS C:\ProgramData\Temp:956EC010 deleted successfully. 
ADS C:\ProgramData\Temp:726A7C8D deleted successfully. ADS C:\ProgramData\Temp:687D1056 deleted successfully. ADS C:\ProgramData\Temp:3005D353 deleted successfully. ADS C:\ProgramData\Temp:23CB5E78 deleted successfully. ADS C:\ProgramData\Temp:F01E7F17 deleted successfully. ADS C:\ProgramData\Temp:BDDE9892 deleted successfully. ADS C:\ProgramData\Temp:68C4BECC deleted successfully. ADS C:\ProgramData\Temp:1AE31F2A deleted successfully. ADS C:\ProgramData\Temp:FF25B447 deleted successfully. ADS C:\ProgramData\Temp:E60D24D7 deleted successfully. ADS C:\ProgramData\Temp:DBCF903F deleted successfully. ADS C:\ProgramData\Temp:A9D9351A deleted successfully. ADS C:\ProgramData\Temp:7DBF4CE6 deleted successfully. ADS C:\ProgramData\Temp:68AB648F deleted successfully. ADS C:\ProgramData\Temp:2A615C9C deleted successfully. ADS C:\ProgramData\Temp:F878F14A deleted successfully. ADS C:\ProgramData\Temp:BBA04CB2 deleted successfully. ADS C:\ProgramData\Temp:0C5A6770 deleted successfully. ADS C:\ProgramData\Temp:FDAF118C deleted successfully. ADS C:\ProgramData\Temp:C0601E00 deleted successfully. ADS C:\ProgramData\Temp:BC521608 deleted successfully. ADS C:\ProgramData\Temp:735575D8 deleted successfully. ADS C:\ProgramData\Temp:20BC9A76 deleted successfully. ADS C:\ProgramData\Temp:D4DCC75D deleted successfully. ADS C:\ProgramData\Temp:B5A5F21A deleted successfully. ADS C:\ProgramData\Temp:8F925134 deleted successfully. ADS C:\ProgramData\Temp:4D066AD2 deleted successfully. ADS C:\ProgramData\Temp:D4A7C55A deleted successfully. ADS C:\ProgramData\Temp:C8F88A8F deleted successfully. ADS C:\ProgramData\Temp:C2F24DB5 deleted successfully. ADS C:\ProgramData\Temp:7C3E753C deleted successfully. ADS C:\ProgramData\Temp:798F4CE4 deleted successfully. ADS C:\ProgramData\Temp:5A27D490 deleted successfully. ADS C:\ProgramData\Temp:C44E62F1 deleted successfully. ADS C:\ProgramData\Temp:7E27CEAF deleted successfully. ADS C:\ProgramData\Temp:8C443193 deleted successfully. 
ADS C:\ProgramData\Temp:85316D14 deleted successfully.
ADS C:\ProgramData\Temp:84E5776A deleted successfully.
ADS C:\ProgramData\Temp:3FC46878 deleted successfully.
ADS C:\ProgramData\Temp:389D51A1 deleted successfully.
ADS C:\ProgramData\Temp:3095BD69 deleted successfully.
ADS C:\ProgramData\Temp:8AB6C1D7 deleted successfully.
ADS C:\ProgramData\Temp:373C6DC2 deleted successfully.
ADS C:\ProgramData\Temp:580E04D8 deleted successfully.
ADS C:\ProgramData\Temp:F1FE38D7 deleted successfully.
ADS C:\ProgramData\Temp:2FAFBD6A deleted successfully.
C:\Users\Public\Desktop\GAME CENTER.lnk moved successfully.
C:\Users\Public\Desktop\Affair Bureau.lnk moved successfully.
C:\Users\Public\Desktop\Jewel Mystery Die Villa.lnk moved successfully.
C:\Users\Public\Desktop\Odyssee ins Ungewisse.lnk moved successfully.
C:\Users\Public\Desktop\Escape from Lost Island.lnk moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Mama\Desktop\cmd.bat deleted successfully.
C:\Users\Mama\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mama
->Temp folder emptied: 186297464 bytes
->Temporary Internet Files folder emptied: 251918041 bytes
->Java cache emptied: 166198289 bytes
->FireFox cache emptied: 216960926 bytes
->Flash cache emptied: 5967386 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 472704674 bytes
RecycleBin emptied: 115744040 bytes

Total Files Cleaned = 1.350,00 mb

OTL by OldTimer - Version 3.2.55.0 log created on 08172012_170106

Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
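An added example, not code from this thread or from OTL: a small Python summariser for an OTL fix log in the shape posted above. It groups the alternate data streams (ADS) removed per host object, lists files moved or deleted, and totals the bytes freed by [EMPTYTEMP]. Note that the streams in the log hang off the folder C:\ProgramData\Temp itself rather than off a file, which is why a plain `dir` listing never shows them (`dir /R` does). The sample lines are constructed from the posted log; any line shape not present in that log is an assumption of this example.

```python
"""Summarise an OTL fix log (added example; not OTL's own code)."""
import re
from collections import Counter

# Constructed sample: lines in the shape OTL printed in the fix log above.
SAMPLE_LOG = r"""
ADS C:\ProgramData\Temp:0AE8FC60 deleted successfully.
ADS C:\ProgramData\Temp:E380FC9B deleted successfully.
ADS C:\ProgramData\Temp:926B6E7A deleted successfully.
C:\Users\Public\Desktop\GAME CENTER.lnk moved successfully.
C:\Users\Mama\Desktop\cmd.bat deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Mama
->Temp folder emptied: 186297464 bytes
->Temporary Internet Files folder emptied: 251918041 bytes
->Java cache emptied: 166198289 bytes
%systemroot% .tmp files removed: 0 bytes
Windows Temp folder emptied: 472704674 bytes
RecycleBin emptied: 115744040 bytes
Total Files Cleaned = 1.350,00 mb
"""

ADS_SUFFIX = " deleted successfully."
# "<drive>:\<path> moved|deleted successfully." (non-greedy path, anchored suffix)
FILE_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) (?P<action>moved|deleted) successfully\.$")
BYTES_RE = re.compile(r"(?:emptied|removed): (?P<n>\d+) bytes$")
HEX_NAME = re.compile(r"^[0-9A-F]{8}$")   # stream names seen above: 8 hex digits


def summarize(log_text):
    """Return ADS removed per host object, file actions, and bytes freed."""
    ads = {}                 # host path -> [stream names removed]
    files = []               # (action, path)
    actions = Counter()
    bytes_freed = 0
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("ADS ") and line.endswith(ADS_SUFFIX):
            # "ADS <host>:<stream> deleted successfully."; the host itself
            # contains "C:", so split on the LAST colon only.
            host, stream = line[4:-len(ADS_SUFFIX)].rsplit(":", 1)
            ads.setdefault(host, []).append(stream)
            continue
        m = FILE_RE.match(line)
        if m:
            actions[m["action"]] += 1
            files.append((m["action"], m["path"]))
            continue
        m = BYTES_RE.search(line)
        if m:
            bytes_freed += int(m["n"])
    return {"ads": ads, "files": files, "actions": dict(actions),
            "bytes_freed": bytes_freed}


def hex_named_streams(summary):
    """Streams whose names are bare 8-digit hex, per host, as in the posted log."""
    return {host: [s for s in streams if HEX_NAME.match(s)]
            for host, streams in summary["ads"].items()}


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    hexed = hex_named_streams(s)
    for host, streams in s["ads"].items():
        print(f"{host}: {len(streams)} ADS removed ({len(hexed[host])} hex-named)")
    for action, path in s["files"]:
        print(f"{action}: {path}")
    print(f"bytes freed by EMPTYTEMP: {s['bytes_freed']:,}")
```

Run it against a real OTL log by reading the file into `summarize()` instead of `SAMPLE_LOG`; the per-host grouping is what makes a few hundred stream deletions on one folder readable at a glance.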
17.08.2012, 17:43 | #4 |
/// Helfer-Team | GVU Trojaner Infektion Windows Vista
Very good! How is the computer running?

Step 1
Please run a full scan with Malwarebytes Anti-Malware and post the log. Then:

Step 2
Please download AdwCleaner to your desktop.
17.08.2012, 21:08 | #5 |
| GVU Trojaner Infektion Windows Vista
The computer is running better again, and here are the requested log files:
Code:
Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.17.06

Windows Vista x86 NTFS
Internet Explorer 7.0.6000.17037
Mama :: MAMA-PC [administrator]

Protection: Enabled

17.08.2012 19:20:19
mbam-log-2012-08-17 (19-20-19).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 385849
Time elapsed: 2 hour(s), 42 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
Code:
# AdwCleaner v1.801 - Logfile created 08/17/2012 at 22:05:14
# Updated 14/08/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium (32 bits)
# User : Mama - MAMA-PC
# Boot Mode : Normal
# Running from : C:\Users\Mama\Desktop\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****
Folder Found : C:\Users\Mama\AppData\Local\Conduit
Folder Found : C:\Users\Mama\AppData\LocalLow\boost_interprocess
Folder Found : C:\Users\Mama\AppData\LocalLow\Conduit
Folder Found : C:\Users\Mama\AppData\LocalLow\facemoods.com
Folder Found : C:\Users\Mama\AppData\Roaming\Iminent
Folder Found : C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\jgufvso6.default\Conduit
Folder Found : C:\ProgramData\Trymedia
File Found : C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\jgufvso6.default\searchplugins\Conduit.xml

***** [Registry] *****
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2319825
Key Found : HKCU\Software\Iminent
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr
Key Found : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr.1
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Google\chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif
Key Found : HKLM\SOFTWARE\Iminent
Key Found : HKLM\SOFTWARE\Informer Technologies, Inc.\OpenCandy
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [webbooster@iminent.com]

***** [Registre - GUID] *****
Key Found :
HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0} Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} Key Found : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761} Key Found : HKLM\SOFTWARE\Classes\CLSID\{64182481-4F71-486B-A045-B233BD0DA8FC} Key Found : HKLM\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78} Key Found : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA} Key Found : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09} Key Found : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49} Key Found : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460} Key Found : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920} Key Found : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3} Key Found : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861} Key Found : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065} Key Found : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA} Key Found : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000} Key Found : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4} Key Found : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D} Key Found : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0} Key Found : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C} Key Found : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9} Key Found : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08} Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Key Found : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4} Key Found : 
HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C} Key Found : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37} Key Found : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0} Key Found : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003} Key Found : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4} Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Key Found : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D} Key Found : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5} Key Found : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A} Key Found : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D} Key Found : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0} Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Key Found : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA} Key Found : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75} Key Found : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556} Key Found : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C} Key Found : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500} Key Found : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205} Key Found : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED} Key Found : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25} Key Found : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D} Key Found : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3} Key Found : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7} Key Found : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01} Key Found : 
HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

***** [Internet Browsers] *****
-\\ Internet Explorer v7.0.6000.17037
[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)
Profile name : default
File : C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\jgufvso6.default\prefs.js
Found : user_pref("CT2319825..clientLogIsEnabled", true);
Found : user_pref("CT2319825..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT2319825..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT2319825.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Found : user_pref("CT2319825.CTID", "ct2319825"); Found : user_pref("CT2319825.CommunitiesChangesLastCheckTime", "0"); Found : user_pref("CT2319825.CurrentServerDate", "17-8-2011"); Found : user_pref("CT2319825.DialogsAlignMode", "LTR"); Found : user_pref("CT2319825.DialogsGetterLastCheckTime", "Wed Aug 17 2011 18:14:02 GMT+0200"); Found : user_pref("CT2319825.DownloadReferralCookieData", ""); Found : user_pref("CT2319825.EMailNotifierPollDate", "Tue Jun 14 2011 09:24:57 GMT+0200"); Found : user_pref("CT2319825.EnableClickToSearchBox", false); Found : user_pref("CT2319825.EnableSearchHistory", false); Found : user_pref("CT2319825.EnableSearchSuggest", false); Found : user_pref("CT2319825.FeedPollDate11908299", "Tue Jun 14 2011 21:27:05 GMT+0200"); Found : user_pref("CT2319825.FirstServerDate", "14-6-2011"); Found : user_pref("CT2319825.FirstTime", true); Found : user_pref("CT2319825.FirstTimeFF3", true); Found : user_pref("CT2319825.FixPageNotFoundErrors", false); Found : user_pref("CT2319825.GroupingServerCheckInterval", 1440); Found : user_pref("CT2319825.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Found : user_pref("CT2319825.HasUserGlobalKeys", true); Found : user_pref("CT2319825.Initialize", true); Found : user_pref("CT2319825.InitializeCommonPrefs", true); Found : user_pref("CT2319825.InstallationAndCookieDataSentCount", 3); Found : user_pref("CT2319825.InstallationType", "ConduitIntegration"); Found : user_pref("CT2319825.InstalledDate", "Tue Jun 14 2011 09:24:57 GMT+0200"); Found : user_pref("CT2319825.IsGrouping", false); Found : user_pref("CT2319825.IsMulticommunity", false); Found : user_pref("CT2319825.IsOpenThankYouPage", false); Found : user_pref("CT2319825.IsOpenUninstallPage", true); Found : user_pref("CT2319825.LanguagePackLastCheckTime", "Tue Jun 14 2011 09:25:03 GMT+0200"); Found : user_pref("CT2319825.LanguagePackReloadIntervalMM", 
1440); Found : user_pref("CT2319825.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...] Found : user_pref("CT2319825.LastLogin_3.3.3.2", "Tue Jun 14 2011 17:24:55 GMT+0200"); Found : user_pref("CT2319825.LastLogin_3.6.0.10", "Wed Aug 17 2011 18:13:57 GMT+0200"); Found : user_pref("CT2319825.LatestVersion", "3.6.0.10"); Found : user_pref("CT2319825.Locale", "de"); Found : user_pref("CT2319825.MCDetectTooltipHeight", "83"); Found : user_pref("CT2319825.MCDetectTooltipShow", false); Found : user_pref("CT2319825.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Found : user_pref("CT2319825.MCDetectTooltipWidth", "295"); Found : user_pref("CT2319825.MyStuffEnabledAtInstallation", true); Found : user_pref("CT2319825.RadioIsPodcast", false); Found : user_pref("CT2319825.RadioMediaID", "11949532"); Found : user_pref("CT2319825.RadioMediaType", "Media Player"); Found : user_pref("CT2319825.RadioMenuSelectedID", "EBRadioMenu_CT231982511949532"); Found : user_pref("CT2319825.RadioStationName", "1Live"); Found : user_pref("CT2319825.RadioStationURL", "hxxp://gffstream.ic.llnwd.net/stream/gffstream_stream_wdr_ei[...] Found : user_pref("CT2319825.SHRINK_TOOLBAR", 1); Found : user_pref("CT2319825.SavedHomepage", "chrome://branding/locale/browserconfig.properties"); Found : user_pref("CT2319825.SearchBackToDefaultEngine", false); Found : user_pref("CT2319825.SearchFromAddressBarIsInit", true); Found : user_pref("CT2319825.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT231[...] Found : user_pref("CT2319825.SearchInNewTabEnabled", true); Found : user_pref("CT2319825.SearchInNewTabIntervalMM", 1440); Found : user_pref("CT2319825.SearchInNewTabLastCheckTime", "Tue Jun 14 2011 09:25:01 GMT+0200"); Found : user_pref("CT2319825.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] 
Found : user_pref("CT2319825.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...] Found : user_pref("CT2319825.SearchInNewTabUserEnabled", false); Found : user_pref("CT2319825.ServiceMapLastCheckTime", "Wed Aug 17 2011 18:13:56 GMT+0200"); Found : user_pref("CT2319825.SettingsLastCheckTime", "Tue Jun 14 2011 09:24:45 GMT+0200"); Found : user_pref("CT2319825.SettingsLastUpdate", "1307629896"); Found : user_pref("CT2319825.ThirdPartyComponentsInterval", 504); Found : user_pref("CT2319825.ThirdPartyComponentsLastCheck", "Tue Jun 14 2011 09:24:45 GMT+0200"); Found : user_pref("CT2319825.ThirdPartyComponentsLastUpdate", "1255344657"); Found : user_pref("CT2319825.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2319825"); Found : user_pref("CT2319825.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...] Found : user_pref("CT2319825.Uninstall", true); Found : user_pref("CT2319825.UserID", "UN23697023578223975"); Found : user_pref("CT2319825.WeatherNetwork", ""); Found : user_pref("CT2319825.WeatherPollDate", "Tue Jun 14 2011 09:25:04 GMT+0200"); Found : user_pref("CT2319825.WeatherUnit", "C"); Found : user_pref("CT2319825.alertChannelId", "715912"); Found : user_pref("CT2319825.backendstorage.id", "3133313030313234"); Found : user_pref("CT2319825.components.1000034", false); Found : user_pref("CT2319825.components.1000082", false); Found : user_pref("CT2319825.components.1000234", false); Found : user_pref("CT2319825.components.129136390572498374", false); Found : user_pref("CT2319825.ct2319825.DialogsAlignMode", "LTR"); Found : user_pref("CT2319825.ct2319825.GroupingInvalidateCache", false); Found : user_pref("CT2319825.ct2319825.GroupingLastCheckTime", "0"); Found : user_pref("CT2319825.ct2319825.GroupingLastServerUpdateTime", "0"); Found : user_pref("CT2319825.ct2319825.InvalidateCache", false); Found : user_pref("CT2319825.ct2319825.LanguagePackLastCheckTime", "Wed Aug 17 2011 18:13:58 GMT+0200"); Found : 
user_pref("CT2319825.ct2319825.Locale", "de"); Found : user_pref("CT2319825.ct2319825.RadioLastCheckTime", "Tue Jun 14 2011 15:13:19 GMT+0200"); Found : user_pref("CT2319825.ct2319825.RadioLastUpdateIPServer", "0"); Found : user_pref("CT2319825.ct2319825.SearchInNewTabLastCheckTime", "Wed Aug 17 2011 18:13:57 GMT+0200"); Found : user_pref("CT2319825.ct2319825.SettingsLastCheckTime", "Wed Aug 17 2011 18:13:55 GMT+0200"); Found : user_pref("CT2319825.ct2319825.SettingsLastUpdate", "1313478201"); Found : user_pref("CT2319825.ct2319825.ThirdPartyComponentsLastCheck", "Wed Aug 17 2011 18:13:55 GMT+0200"); Found : user_pref("CT2319825.ct2319825.ThirdPartyComponentsLastUpdate", "1255344657"); Found : user_pref("CT2319825.ct2319825.components.128903248917881403", false); Found : user_pref("CT2319825.ct2319825.components.129264494738128351", false); Found : user_pref("CT2319825.ct2319825.components.129264512281565287", false); Found : user_pref("CT2319825.ct2319825.components.129277509933662715", false); Found : user_pref("CT2319825.ct2319825.components.129309281463312841", false); Found : user_pref("CT2319825.ct2319825.components.129453462855350877", false); Found : user_pref("CT2319825.ct2319825.globalFirstTimeInfoLastCheckTime", "Wed Aug 17 2011 18:13:58 GMT+0200[...] Found : user_pref("CT2319825.ct2319825.toolbarAppMetaDataLastCheckTime", "Wed Aug 17 2011 18:14:00 GMT+0200"[...] Found : user_pref("CT2319825.ct2319825.toolbarContextMenuLastCheckTime", "Wed Aug 17 2011 18:14:00 GMT+0200"[...] Found : user_pref("CT2319825.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...] 
Found : user_pref("CT2319825.globalFirstTimeInfoLastCheckTime", "Tue Jun 14 2011 09:25:01 GMT+0200"); Found : user_pref("CT2319825.homepageProtectorEnableByLogin", true); Found : user_pref("CT2319825.initDone", true); Found : user_pref("CT2319825.isAppTrackingManagerOn", true); Found : user_pref("CT2319825.myStuffEnabled", true); Found : user_pref("CT2319825.myStuffPublihserMinWidth", 400); Found : user_pref("CT2319825.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Found : user_pref("CT2319825.myStuffServiceIntervalMM", 1440); Found : user_pref("CT2319825.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] Found : user_pref("CT2319825.oldAppsList", "128898076802619665,128898076802619666,111,129309281463312841,129[...] Found : user_pref("CT2319825.searchProtectorDialogDelayInSec", 10); Found : user_pref("CT2319825.searchProtectorEnableByLogin", true); Found : user_pref("CT2319825.testingCtid", ""); Found : user_pref("CT2319825.toolbarAppMetaDataLastCheckTime", "Tue Jun 14 2011 09:24:57 GMT+0200"); Found : user_pref("CT2319825.toolbarContextMenuLastCheckTime", "Tue Jun 14 2011 09:25:04 GMT+0200"); Found : user_pref("CT2319825.usageEnabled", false); Found : user_pref("CT2319825.usagesFlag", 1); Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/715912/711772/DE", "\"0\"")[...] Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...] Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2319825", [...] Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=ct2319825", [...] Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...] Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...] 
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...] Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...] Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...] Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...] Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...] Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.[...] Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2319825",[...] Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...] Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...] Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2319825/CT2319825[...] Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/ct2319825/CT2319825[...] Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/equalizer[...] Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/minimize.[...] Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/play.gif"[...] Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/stop.gif"[...] Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/vol.gif",[...] Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"634[...] 
Found : user_pref("CommunityToolbar.EngineHiddenByUser", true); Found : user_pref("CommunityToolbar.EngineOwner", "CT2319825"); Found : user_pref("CommunityToolbar.EngineOwnerGuid", "{40c3cc16-7269-4b32-9531-17f2950fb06f}"); Found : user_pref("CommunityToolbar.EngineOwnerToolbarId", "winload"); Found : user_pref("CommunityToolbar.IsEngineShown", false); Found : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true); Found : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2319825"); Found : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{40c3cc16-7269-4b32-9531-17f2950fb06f}"); Found : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "winload"); Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://start.facemoods.com/results.php?f[...] Found : user_pref("CommunityToolbar.ToolbarsList", "CT2319825"); Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2319825"); Found : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Tue Jun 14 2011 09:24:56 GMT+02[...] 
Found : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440); Found : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sat Jun 25 2011 11:02:11 GMT+0200"); Found : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com"); Found : user_pref("CommunityToolbar.alert.firstTimeAlertShown", true); Found : user_pref("CommunityToolbar.alert.locale", "en"); Found : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440); Found : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sat Jun 25 2011 13:26:13 GMT+0200"); Found : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559"); Found : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20); Found : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com"); Found : user_pref("CommunityToolbar.alert.showTrayIcon", false); Found : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300); Found : user_pref("CommunityToolbar.alert.userId", "55a1b866-e28c-4bb4-a521-abbea49970c9"); Found : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Tue Jun 14 2011 09:25:04 GMT+0200"); Found : user_pref("CommunityToolbar.globalUserId", "a425e461-7b7d-477a-b33a-0e068c885439"); Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true); Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true); Found : user_pref("CommunityToolbar.killedEngine", true); Found : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Tue Jun 14 2011 12:24:46 GMT+0200"); Found : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Tue Jun 14 2011 09:24:54 GMT+0200"); Found : user_pref("ConduitEngine.FirstServerDate", "06/14/2011 10"); Found : user_pref("ConduitEngine.FirstTime", true); Found : user_pref("ConduitEngine.FirstTimeFF3", true); Found : user_pref("ConduitEngine.HasUserGlobalKeys", true); Found : user_pref("ConduitEngine.HideEngineAfterRestart", true); Found : 
user_pref("ConduitEngine.Initialize", true);
Found : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Found : user_pref("ConduitEngine.InstalledDate", "Tue Jun 14 2011 09:24:55 GMT+0200");
Found : user_pref("ConduitEngine.IsMulticommunity", false);
Found : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Found : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Found : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Tue Jun 14 2011 09:24:54 GMT+0200");
Found : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Tue Jun 14 2011 18:24:53 GMT+0200");
Found : user_pref("ConduitEngine.PublisherContainerWidth", 0);
Found : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Found : user_pref("ConduitEngine.SettingsLastCheckTime", "Tue Jun 14 2011 18:24:44 GMT+0200");
Found : user_pref("ConduitEngine.UserID", "UN44179821568106090");
Found : user_pref("ConduitEngine.engineLocale", "de");
Found : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Tue Jun 14 2011 09:24:54 GMT+0200");
Found : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Tue Jun 14 2011 21:24:53 GMT+0200");
Found : user_pref("ConduitEngine.initDone", true);
Found : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Found : user_pref("browser.search.defaultthis.engineName", "Winload Customized Web Search");
Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&Sea[...]
Found : user_pref("extensions.facemoods.aflt", "_#ddr");
Found : user_pref("extensions.facemoods.firstRun", false);
Found : user_pref("extensions.facemoods.lastActv", "23");
Found : user_pref("keyword.URL", "hxxp://start.facemoods.com/results.php?f=5&a=ddr&q=");

Profile name : default-1136075560189 [Profil par défaut]
File : C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\hqe0yr0w.default-1136075560189\prefs.js
[OK] File is clean.
-\\ Google Chrome v [Unable to get version]
File : C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.

*************************

AdwCleaner[R1].txt - [24427 octets] - [17/08/2012 22:05:14]

########## EOF - C:\AdwCleaner[R1].txt - [24556 octets] ##########
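As an added example (not code from the thread, from AdwCleaner or from the forum helpers), the following Python script triages an AdwCleaner [Search] log in the format posted above: it parses the "Found" lines, groups them by the adware family their identifiers point to, and pulls out the Firefox preferences that decide where an address-bar search goes, since those entries explain the visible symptom (searches landing on search.conduit.com or start.facemoods.com) while the hundreds of CT2319825.* prefs are only the toolbar's own bookkeeping. The family patterns, the list of search-routing preferences and the sample lines are constructed for this example from the log above; they are not AdwCleaner's own definitions. `hxxp` is the tool's defanging of `http` and is kept as printed.

```python
"""Triage an AdwCleaner [Search] log (added example; not AdwCleaner's code)."""
import re
from collections import defaultdict

# Constructed sample: a subset of lines in the shape AdwCleaner printed above.
SAMPLE_LOG = r"""
***** [Files / Folders] *****
Folder Found : C:\Users\Mama\AppData\Local\Conduit
Folder Found : C:\Users\Mama\AppData\LocalLow\facemoods.com
Folder Found : C:\Users\Mama\AppData\Roaming\Iminent
***** [Registry] *****
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [webbooster@iminent.com]
***** [Internet Browsers] *****
-\\ Mozilla Firefox v14.0.1 (de)
Found : user_pref("CT2319825.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT231[...]
Found : user_pref("CommunityToolbar.ToolbarsList", "CT2319825");
Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&Sea[...]
Found : user_pref("keyword.URL", "hxxp://start.facemoods.com/results.php?f=5&a=ddr&q=");
Found : user_pref("extensions.facemoods.firstRun", false);
"""

# Family -> pattern over the item text. Constructed from the identifiers in the
# posted log (CT2319825 is the Conduit toolbar ID seen there); extend as needed.
FAMILIES = {
    "Conduit": re.compile(r"conduit|CT2319825|CommunityToolbar", re.I),
    "facemoods": re.compile(r"facemoods", re.I),
    "Iminent": re.compile(r"iminent", re.I),
    "Ask Toolbar": re.compile(r"GenericAskToolbar|escort\.DLL", re.I),
}

# Firefox prefs that route searches. A foreign URL in one of these is the
# hijack itself; the CTxxxx.* prefs are only the toolbar's own state.
SEARCH_PREFS = {
    "browser.search.defaulturl",
    "browser.search.defaultthis.engineName",
    "keyword.URL",
}

# "[Folder|File|Key|Value] Found : <item>", optionally prefixed with "[*] ".
FOUND_RE = re.compile(r"^(?:\[\*\] )?(?:(?P<kind>Folder|File|Key|Value) )?Found : (?P<item>.+)$")
PREF_RE = re.compile(r'user_pref\("(?P<name>[^"]+)",\s*(?P<value>.*)$')


def _pref_value(raw):
    """Drop the trailing ');' and quotes; values AdwCleaner truncated keep their '[...]'."""
    return raw.rstrip(");").strip('"')


def triage(log_text):
    families = defaultdict(list)   # family name -> [(kind, item), ...]
    hijacked = {}                  # search-routing pref -> value as printed
    unclassified = []              # Found lines no family pattern explains
    for line in log_text.splitlines():
        m = FOUND_RE.match(line.strip())
        if not m:
            continue
        kind, item = m["kind"] or "Pref", m["item"]
        p = PREF_RE.search(item)
        if p and p["name"] in SEARCH_PREFS:
            hijacked[p["name"]] = _pref_value(p["value"])
        hits = [name for name, rx in FAMILIES.items() if rx.search(item)]
        for name in hits:
            families[name].append((kind, item))
        if not hits:
            unclassified.append((kind, item))
    return {"families": dict(families), "hijacked": hijacked,
            "unclassified": unclassified}


def report(result):
    lines = [f"{name}: {len(items)} item(s)"
             for name, items in sorted(result["families"].items())]
    lines += [f"search routed by {pref} -> {value}"
              for pref, value in result["hijacked"].items()]
    lines += [f"unclassified {kind}: {item}"
              for kind, item in result["unclassified"]]
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

Anything that ends up in `unclassified` is what deserves a second look before running the tool's [Delete] pass; the family buckets and the two search-routing prefs above are the expected picture for a bundled-toolbar install like the one in this log.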
18.08.2012, 15:01 | #6 |
/// Helfer-Team | GVU Trojaner Infektion Windows Vista
Very good!
Then:

Malware scan with Emsisoft Anti-Malware
Download the free version of => Emsisoft Anti-Malware and install the program.
Download the current signatures via "Update now".
Select the freeware mode.
Select "Detail Scan" and start the check of the computer via the "Scan" button.
At the end of the scan, do not let it delete anything!
Click "Save report" to save the logfile to the desktop and post it here in the thread.
Instructions: http://www.trojaner-board.de/103809-...i-malware.html
18.08.2012, 15:23 | #7 |
| GVU Trojaner Infektion Windows Vista
I can't install the other program, because supposedly I don't have Service Pack 2 for Windows Vista installed! The message says: "Service Pack 2 is required to run on Windows Vista or Windows Server 2008"!! Here is the AdwCleaner file:
Code:
# AdwCleaner v1.801 - Logfile created 08/18/2012 at 16:06:30
# Updated 14/08/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium (32 bits)
# User : Mama - MAMA-PC
# Boot Mode : Normal
# Running from : C:\Users\Mama\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****
Folder Deleted : C:\Users\Mama\AppData\Local\Conduit
Folder Deleted : C:\Users\Mama\AppData\Local\vghd
Folder Deleted : C:\Users\Mama\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Mama\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Mama\AppData\LocalLow\facemoods.com
Folder Deleted : C:\Users\Mama\AppData\Roaming\Iminent
Folder Deleted : C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\jgufvso6.default\Conduit
Folder Deleted : C:\ProgramData\Trymedia
File Deleted : C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\jgufvso6.default\searchplugins\Conduit.xml

***** [Registry] *****
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2319825
Key Deleted : HKCU\Software\Iminent
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr
Key Deleted : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Google\chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif
Key Deleted : HKLM\SOFTWARE\Iminent
Key Deleted : HKLM\SOFTWARE\Informer Technologies, Inc.\OpenCandy
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [webbooster@iminent.com]
***** [Registre - GUID] ***** Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64182481-4F71-486B-A045-B233BD0DA8FC} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Key Deleted : 
HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3} Key Deleted : 
HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} ***** [Internet Browsers] ***** -\\ Internet Explorer v7.0.6000.17037 [OK] Registry is clean. -\\ Mozilla Firefox v14.0.1 (de) Profile name : default File : C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\jgufvso6.default\prefs.js C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\jgufvso6.default\user.js ... Deleted ! Deleted : user_pref("CT2319825..clientLogIsEnabled", true); Deleted : user_pref("CT2319825..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...] Deleted : user_pref("CT2319825..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...] 
Deleted : user_pref("CT2319825.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Deleted : user_pref("CT2319825.CTID", "ct2319825"); Deleted : user_pref("CT2319825.CommunitiesChangesLastCheckTime", "0"); Deleted : user_pref("CT2319825.CurrentServerDate", "17-8-2011"); Deleted : user_pref("CT2319825.DialogsAlignMode", "LTR"); Deleted : user_pref("CT2319825.DialogsGetterLastCheckTime", "Wed Aug 17 2011 18:14:02 GMT+0200"); Deleted : user_pref("CT2319825.DownloadReferralCookieData", ""); Deleted : user_pref("CT2319825.EMailNotifierPollDate", "Tue Jun 14 2011 09:24:57 GMT+0200"); Deleted : user_pref("CT2319825.EnableClickToSearchBox", false); Deleted : user_pref("CT2319825.EnableSearchHistory", false); Deleted : user_pref("CT2319825.EnableSearchSuggest", false); Deleted : user_pref("CT2319825.FeedPollDate11908299", "Tue Jun 14 2011 21:27:05 GMT+0200"); Deleted : user_pref("CT2319825.FirstServerDate", "14-6-2011"); Deleted : user_pref("CT2319825.FirstTime", true); Deleted : user_pref("CT2319825.FirstTimeFF3", true); Deleted : user_pref("CT2319825.FixPageNotFoundErrors", false); Deleted : user_pref("CT2319825.GroupingServerCheckInterval", 1440); Deleted : user_pref("CT2319825.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Deleted : user_pref("CT2319825.HasUserGlobalKeys", true); Deleted : user_pref("CT2319825.Initialize", true); Deleted : user_pref("CT2319825.InitializeCommonPrefs", true); Deleted : user_pref("CT2319825.InstallationAndCookieDataSentCount", 3); Deleted : user_pref("CT2319825.InstallationType", "ConduitIntegration"); Deleted : user_pref("CT2319825.InstalledDate", "Tue Jun 14 2011 09:24:57 GMT+0200"); Deleted : user_pref("CT2319825.IsGrouping", false); Deleted : user_pref("CT2319825.IsMulticommunity", false); Deleted : user_pref("CT2319825.IsOpenThankYouPage", false); Deleted : user_pref("CT2319825.IsOpenUninstallPage", true); Deleted : user_pref("CT2319825.LanguagePackLastCheckTime", "Tue Jun 14 2011 09:25:03 GMT+0200"); 
Deleted : user_pref("CT2319825.LanguagePackReloadIntervalMM", 1440); Deleted : user_pref("CT2319825.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...] Deleted : user_pref("CT2319825.LastLogin_3.3.3.2", "Tue Jun 14 2011 17:24:55 GMT+0200"); Deleted : user_pref("CT2319825.LastLogin_3.6.0.10", "Wed Aug 17 2011 18:13:57 GMT+0200"); Deleted : user_pref("CT2319825.LatestVersion", "3.6.0.10"); Deleted : user_pref("CT2319825.Locale", "de"); Deleted : user_pref("CT2319825.MCDetectTooltipHeight", "83"); Deleted : user_pref("CT2319825.MCDetectTooltipShow", false); Deleted : user_pref("CT2319825.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Deleted : user_pref("CT2319825.MCDetectTooltipWidth", "295"); Deleted : user_pref("CT2319825.MyStuffEnabledAtInstallation", true); Deleted : user_pref("CT2319825.RadioIsPodcast", false); Deleted : user_pref("CT2319825.RadioMediaID", "11949532"); Deleted : user_pref("CT2319825.RadioMediaType", "Media Player"); Deleted : user_pref("CT2319825.RadioMenuSelectedID", "EBRadioMenu_CT231982511949532"); Deleted : user_pref("CT2319825.RadioStationName", "1Live"); Deleted : user_pref("CT2319825.RadioStationURL", "hxxp://gffstream.ic.llnwd.net/stream/gffstream_stream_wdr_ei[...] Deleted : user_pref("CT2319825.SHRINK_TOOLBAR", 1); Deleted : user_pref("CT2319825.SavedHomepage", "chrome://branding/locale/browserconfig.properties"); Deleted : user_pref("CT2319825.SearchBackToDefaultEngine", false); Deleted : user_pref("CT2319825.SearchFromAddressBarIsInit", true); Deleted : user_pref("CT2319825.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT231[...] 
Deleted : user_pref("CT2319825.SearchInNewTabEnabled", true); Deleted : user_pref("CT2319825.SearchInNewTabIntervalMM", 1440); Deleted : user_pref("CT2319825.SearchInNewTabLastCheckTime", "Tue Jun 14 2011 09:25:01 GMT+0200"); Deleted : user_pref("CT2319825.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] Deleted : user_pref("CT2319825.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...] Deleted : user_pref("CT2319825.SearchInNewTabUserEnabled", false); Deleted : user_pref("CT2319825.ServiceMapLastCheckTime", "Wed Aug 17 2011 18:13:56 GMT+0200"); Deleted : user_pref("CT2319825.SettingsLastCheckTime", "Tue Jun 14 2011 09:24:45 GMT+0200"); Deleted : user_pref("CT2319825.SettingsLastUpdate", "1307629896"); Deleted : user_pref("CT2319825.ThirdPartyComponentsInterval", 504); Deleted : user_pref("CT2319825.ThirdPartyComponentsLastCheck", "Tue Jun 14 2011 09:24:45 GMT+0200"); Deleted : user_pref("CT2319825.ThirdPartyComponentsLastUpdate", "1255344657"); Deleted : user_pref("CT2319825.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2319825"); Deleted : user_pref("CT2319825.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...] 
Deleted : user_pref("CT2319825.Uninstall", true); Deleted : user_pref("CT2319825.UserID", "UN23697023578223975"); Deleted : user_pref("CT2319825.WeatherNetwork", ""); Deleted : user_pref("CT2319825.WeatherPollDate", "Tue Jun 14 2011 09:25:04 GMT+0200"); Deleted : user_pref("CT2319825.WeatherUnit", "C"); Deleted : user_pref("CT2319825.alertChannelId", "715912"); Deleted : user_pref("CT2319825.backendstorage.id", "3133313030313234"); Deleted : user_pref("CT2319825.components.1000034", false); Deleted : user_pref("CT2319825.components.1000082", false); Deleted : user_pref("CT2319825.components.1000234", false); Deleted : user_pref("CT2319825.components.129136390572498374", false); Deleted : user_pref("CT2319825.ct2319825.DialogsAlignMode", "LTR"); Deleted : user_pref("CT2319825.ct2319825.GroupingInvalidateCache", false); Deleted : user_pref("CT2319825.ct2319825.GroupingLastCheckTime", "0"); Deleted : user_pref("CT2319825.ct2319825.GroupingLastServerUpdateTime", "0"); Deleted : user_pref("CT2319825.ct2319825.InvalidateCache", false); Deleted : user_pref("CT2319825.ct2319825.LanguagePackLastCheckTime", "Wed Aug 17 2011 18:13:58 GMT+0200"); Deleted : user_pref("CT2319825.ct2319825.Locale", "de"); Deleted : user_pref("CT2319825.ct2319825.RadioLastCheckTime", "Tue Jun 14 2011 15:13:19 GMT+0200"); Deleted : user_pref("CT2319825.ct2319825.RadioLastUpdateIPServer", "0"); Deleted : user_pref("CT2319825.ct2319825.SearchInNewTabLastCheckTime", "Wed Aug 17 2011 18:13:57 GMT+0200"); Deleted : user_pref("CT2319825.ct2319825.SettingsLastCheckTime", "Wed Aug 17 2011 18:13:55 GMT+0200"); Deleted : user_pref("CT2319825.ct2319825.SettingsLastUpdate", "1313478201"); Deleted : user_pref("CT2319825.ct2319825.ThirdPartyComponentsLastCheck", "Wed Aug 17 2011 18:13:55 GMT+0200"); Deleted : user_pref("CT2319825.ct2319825.ThirdPartyComponentsLastUpdate", "1255344657"); Deleted : user_pref("CT2319825.ct2319825.components.128903248917881403", false); Deleted : 
user_pref("CT2319825.ct2319825.components.129264494738128351", false); Deleted : user_pref("CT2319825.ct2319825.components.129264512281565287", false); Deleted : user_pref("CT2319825.ct2319825.components.129277509933662715", false); Deleted : user_pref("CT2319825.ct2319825.components.129309281463312841", false); Deleted : user_pref("CT2319825.ct2319825.components.129453462855350877", false); Deleted : user_pref("CT2319825.ct2319825.globalFirstTimeInfoLastCheckTime", "Wed Aug 17 2011 18:13:58 GMT+0200[...] Deleted : user_pref("CT2319825.ct2319825.toolbarAppMetaDataLastCheckTime", "Wed Aug 17 2011 18:14:00 GMT+0200"[...] Deleted : user_pref("CT2319825.ct2319825.toolbarContextMenuLastCheckTime", "Wed Aug 17 2011 18:14:00 GMT+0200"[...] Deleted : user_pref("CT2319825.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...] Deleted : user_pref("CT2319825.globalFirstTimeInfoLastCheckTime", "Tue Jun 14 2011 09:25:01 GMT+0200"); Deleted : user_pref("CT2319825.homepageProtectorEnableByLogin", true); Deleted : user_pref("CT2319825.initDone", true); Deleted : user_pref("CT2319825.isAppTrackingManagerOn", true); Deleted : user_pref("CT2319825.myStuffEnabled", true); Deleted : user_pref("CT2319825.myStuffPublihserMinWidth", 400); Deleted : user_pref("CT2319825.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Deleted : user_pref("CT2319825.myStuffServiceIntervalMM", 1440); Deleted : user_pref("CT2319825.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] Deleted : user_pref("CT2319825.oldAppsList", "128898076802619665,128898076802619666,111,129309281463312841,129[...] 
Deleted : user_pref("CT2319825.searchProtectorDialogDelayInSec", 10); Deleted : user_pref("CT2319825.searchProtectorEnableByLogin", true); Deleted : user_pref("CT2319825.testingCtid", ""); Deleted : user_pref("CT2319825.toolbarAppMetaDataLastCheckTime", "Tue Jun 14 2011 09:24:57 GMT+0200"); Deleted : user_pref("CT2319825.toolbarContextMenuLastCheckTime", "Tue Jun 14 2011 09:25:04 GMT+0200"); Deleted : user_pref("CT2319825.usageEnabled", false); Deleted : user_pref("CT2319825.usagesFlag", 1); Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/715912/711772/DE", "\"0\"")[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2319825", [...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=ct2319825", [...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.[...] 
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2319825",[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2319825/CT2319825[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/ct2319825/CT2319825[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/equalizer[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/minimize.[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/play.gif"[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/stop.gif"[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/vol.gif",[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"634[...] 
Deleted : user_pref("CommunityToolbar.EngineHiddenByUser", true); Deleted : user_pref("CommunityToolbar.EngineOwner", "CT2319825"); Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "{40c3cc16-7269-4b32-9531-17f2950fb06f}"); Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "winload"); Deleted : user_pref("CommunityToolbar.IsEngineShown", false); Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true); Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2319825"); Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{40c3cc16-7269-4b32-9531-17f2950fb06f}"); Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "winload"); Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://start.facemoods.com/results.php?f[...] Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2319825"); Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2319825"); Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Tue Jun 14 2011 09:24:56 GMT+02[...] 
Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440); Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sat Jun 25 2011 11:02:11 GMT+0200"); Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com"); Deleted : user_pref("CommunityToolbar.alert.firstTimeAlertShown", true); Deleted : user_pref("CommunityToolbar.alert.locale", "en"); Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440); Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sat Jun 25 2011 13:26:13 GMT+0200"); Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559"); Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20); Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com"); Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false); Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300); Deleted : user_pref("CommunityToolbar.alert.userId", "55a1b866-e28c-4bb4-a521-abbea49970c9"); Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Tue Jun 14 2011 09:25:04 GMT+0200"); Deleted : user_pref("CommunityToolbar.globalUserId", "a425e461-7b7d-477a-b33a-0e068c885439"); Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true); Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true); Deleted : user_pref("CommunityToolbar.killedEngine", true); Deleted : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Tue Jun 14 2011 12:24:46 GMT+0200"); Deleted : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Tue Jun 14 2011 09:24:54 GMT+0200"); Deleted : user_pref("ConduitEngine.FirstServerDate", "06/14/2011 10"); Deleted : user_pref("ConduitEngine.FirstTime", true); Deleted : user_pref("ConduitEngine.FirstTimeFF3", true); Deleted : user_pref("ConduitEngine.HasUserGlobalKeys", true); Deleted : user_pref("ConduitEngine.HideEngineAfterRestart", 
true); Deleted : user_pref("ConduitEngine.Initialize", true); Deleted : user_pref("ConduitEngine.InitializeCommonPrefs", true); Deleted : user_pref("ConduitEngine.InstalledDate", "Tue Jun 14 2011 09:24:55 GMT+0200"); Deleted : user_pref("ConduitEngine.IsMulticommunity", false); Deleted : user_pref("ConduitEngine.IsOpenThankYouPage", false); Deleted : user_pref("ConduitEngine.IsOpenUninstallPage", true); Deleted : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Tue Jun 14 2011 09:24:54 GMT+0200"); Deleted : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Tue Jun 14 2011 18:24:53 GMT+0200"); Deleted : user_pref("ConduitEngine.PublisherContainerWidth", 0); Deleted : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true); Deleted : user_pref("ConduitEngine.SettingsLastCheckTime", "Tue Jun 14 2011 18:24:44 GMT+0200"); Deleted : user_pref("ConduitEngine.UserID", "UN44179821568106090"); Deleted : user_pref("ConduitEngine.engineLocale", "de"); Deleted : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Tue Jun 14 2011 09:24:54 GMT+0200"); Deleted : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Tue Jun 14 2011 21:24:53 GMT+0200"); Deleted : user_pref("ConduitEngine.initDone", true); Deleted : user_pref("ConduitEngine.isAppTrackingManagerOn", true); Deleted : user_pref("browser.search.defaultthis.engineName", "Winload Customized Web Search"); Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&Sea[...] Deleted : user_pref("extensions.facemoods.aflt", "_#ddr"); Deleted : user_pref("extensions.facemoods.firstRun", false); Deleted : user_pref("extensions.facemoods.lastActv", "23"); Deleted : user_pref("keyword.URL", "hxxp://start.facemoods.com/results.php?f=5&a=ddr&q="); Profile name : default-1136075560189 [Profil par défaut] File : C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\hqe0yr0w.default-1136075560189\prefs.js [OK] File is clean. 
-\\ Google Chrome v [Unable to get version] File : C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [24558 octets] - [17/08/2012 22:05:14] AdwCleaner[S1].txt - [25216 octets] - [18/08/2012 16:06:30] ########## EOF - C:\AdwCleaner[S1].txt - [25345 octets] ########## |
19.08.2012, 17:23 | #8 |
/// Helfer-Team | GVU Trojan Infection Windows Vista Install all Windows updates, including the service pack! |
20.08.2012, 02:39 | #9 |
| GVU Trojan Infection Windows Vista So, now we've finally managed it. Here is the requested log file: Code:
ATTFilter Emsisoft Anti-Malware - Version 6.6 Letztes Update: 20.08.2012 01:17:09 Scan Einstellungen: Scan Methode: Detail Scan Objekte: Rootkits, Speicher, Traces, C:\, D:\ Archiv Scan: An ADS Scan: An Scan Beginn: 20.08.2012 01:18:17 Value: hkey_current_user\software\gog\bloodties --> ambientvolume gefunden: Trace.Registry.gamefiesta blood ties!E1 Value: hkey_current_user\software\gog\bloodties --> muted gefunden: Trace.Registry.gamefiesta blood ties!E1 Value: hkey_current_user\software\gog\bloodties --> preferredx gefunden: Trace.Registry.gamefiesta blood ties!E1 Value: hkey_current_user\software\gog\bloodties --> preferredy gefunden: Trace.Registry.gamefiesta blood ties!E1 Value: hkey_current_user\software\gog\bloodties --> screenmode gefunden: Trace.Registry.gamefiesta blood ties!E1 Value: hkey_current_user\software\gog\bloodties --> sfxvolume gefunden: Trace.Registry.gamefiesta blood ties!E1 Value: hkey_current_user\software\gog\bloodties --> waitforvsync gefunden: Trace.Registry.gamefiesta blood ties!E1 Value: hkey_current_user\software\gog\bloodties --> customcursors gefunden: Trace.Registry.gamefiesta blood ties!E1 Value: hkey_current_user\software\gog\bloodties\test3d --> failurereason gefunden: Trace.Registry.gamefiesta blood ties!E1 Value: hkey_current_user\software\gog\bloodties --> musicvolume gefunden: Trace.Registry.gamefiesta blood ties!E1 Value: hkey_current_user\software\gog\bloodties\test3d --> recvidmemory gefunden: Trace.Registry.gamefiesta blood ties!E1 Value: hkey_current_user\software\gog\bloodties\test3d --> version gefunden: Trace.Registry.gamefiesta blood ties!E1 Value: hkey_current_user\software\gog\bloodties\test3d --> minvidmemory gefunden: Trace.Registry.gamefiesta blood ties!E1 Value: hkey_current_user\software\gog\bloodties\test3d --> displayguid gefunden: Trace.Registry.gamefiesta blood ties!E1 Key: hkey_local_machine\software\trymedia systems\activemark software gefunden: Trace.Registry.trymedia!E1 Value: 
hkey_current_user\software\gog\bloodties\test3d --> warning gefunden: Trace.Registry.gamefiesta blood ties!E1 Key: hkey_local_machine\software\trymedia systems gefunden: Trace.Registry.trymedia!E1 Value: hkey_current_user\software\gog\bloodties --> inprogress gefunden: Trace.Registry.gamefiesta blood ties!E1 C:\Program Files\Oberon Media SIDR\510005456\GameShell.dll gefunden: Riskware.Monitor.Win32.Perflogger!E2 C:\Program Files\Oberon Media SIDR\510005445\GameShell.dll gefunden: Riskware.Monitor.Win32.Perflogger!E2 C:\Program Files\Oberon Media SIDR\510005427\GameShell.dll gefunden: Riskware.Monitor.Win32.Perflogger!E2 C:\Program Files\Oberon Media SIDR\510005352\GameShell.dll gefunden: Riskware.Monitor.Win32.Perflogger!E2 C:\Program Files\Oberon Media SIDR\510003836\GameShell.dll gefunden: Riskware.Monitor.Win32.Perflogger!E2 C:\Program Files\Oberon Media SIDR\510003393\GameShell.dll gefunden: Riskware.Monitor.Win32.Perflogger!E2 C:\Program Files\Oberon Media SIDR\510001610\GameShell.dll gefunden: Riskware.Monitor.Win32.Perflogger!E2 C:\Program Files\Oberon Media SIDR\510001296\GameShell.dll gefunden: Riskware.Monitor.Win32.Perflogger!E2 C:\Program Files\Oberon Media SIDR\510001262\GameShell.dll gefunden: Riskware.Monitor.Win32.Perflogger!E2 C:\Program Files\Oberon Media SIDR\510001170\GameShell.dll gefunden: Riskware.Monitor.Win32.Perflogger!E2 C:\Program Files\Oberon Media SIDR\510000628\GameShell.dll gefunden: Riskware.Monitor.Win32.Perflogger!E2 C:\Program Files\Oberon Media SIDR\510000410\GameShell.dll gefunden: Riskware.Monitor.Win32.Perflogger!E2 C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe gefunden: APPL!E2 Gescannt 723340 Gefunden 31 Scan Ende: 20.08.2012 03:36:03 Scan Zeit: 2:17:46 |
20.08.2012, 06:38 | #10 |
/// Helfer-Team | GVU Trojan Infection Windows Vista Very good! Have the findings deleted, then: Uninstall: Emsisoft Anti-Malware ESET Online Scanner Preparation
|
20.08.2012, 21:58 | #11 |
| GVU Trojan Infection Windows Vista Here is the requested log file: Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok esets_scanner_update returned -1 esets_gle=53251 # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=f6f3046ef6ccd142b4289163c211ab65 # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-08-20 08:51:32 # local_time=2012-08-20 10:51:32 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode=1792 16777215 100 0 13926215 13926215 0 0 # compatibility_mode=5892 16776573 100 100 59033 183020106 0 0 # compatibility_mode=8192 67108863 100 0 9498 9498 0 0 # scanned=295547 # found=0 # cleaned=0 # scan_time=8514 |
20.08.2012, 22:04 | #12 |
/// Helfer-Team | GVU Trojan Infection Windows Vista Update Java Your Java is no longer current. Older versions contain security holes that can be abused by malware.
Then configure it like this: http://www.trojaner-board.de/105213-...tellungen.html Afterwards post (copy and paste) what you get shown here: PluginCheck |
21.08.2012, 04:23 | #13 |
| GVU Trojan Infection Windows Vista PluginCheck The PluginCheck helps close the biggest security holes when surfing the Internet. Checked are: browser, Flash, Java and Adobe Reader version. Firefox 14.0.1 is up to date. Flash (11,3,300,270) is up to date. Java (1,7,0,6) is up to date. Adobe Reader 10,1,4,38 is up to date. I have one more question: my computer runs extremely slowly and sits there computing for a long time, and in Firefox I can open at most 2 tabs without Firefox hanging. Am I right in assuming that the virus has its fingers in this?? Even the installation and configuration of Service Pack 1+2 took 6 hours. |
21.08.2012, 16:01 | #14 |
/// Helfer-Team | GVU Trojan Infection Windows Vista Very good! With that you are clean and discharged! Remove adwCleaner
Tool cleanup with OTL: We will now use OTL's CleanUp! function to delete most of the programs we installed for the cleanup from your system again.
Reset the security zones: Have the security zones reset, since they were manipulated to open up the browser for further attacks. Proceed as follows: http://www.trojaner-board.de/111805-...ecksetzen.html
Empty System Restore: So that the computer cannot be re-infected from an infected System Restore point, we have to empty it. To do so we turn it off once and then back on: Disable System Restore Tutorial for Windows XP, Windows Vista, Windows 7 Then enable it again.
Clean up with CCleaner: Have CCleaner (Download) (Guide) fix errors in the
Reading to work through: http://www.trojaner-board.de/90880-d...tallation.html http://www.trojaner-board.de/105213-...tellungen.html PluginCheck http://www.trojaner-board.de/96344-a...-rechners.html Secunia Online Software Inspector http://www.trojaner-board.de/71715-k...iendungen.html http://www.trojaner-board.de/83238-a...sschalten.html PC keeps getting slower - what to do? |
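As an added example (not code from the thread or from the linked trojaner-board guide), here is a PowerShell audit that lists the Internet Explorer zone settings and the domain-to-zone mappings from the registry, so the manipulated entries the helper refers to can be reviewed before and after the reset. It assumes Windows PowerShell and the standard Internet Settings registry layout; the zone id to name table follows Internet Explorer's zone numbering.

```powershell
# Added example, not part of the thread or of the linked guide. Assumes Windows
# PowerShell and the standard "Internet Settings" registry layout used by
# Internet Explorer; zone ids 0-4 follow Internet Explorer's zone numbering.

function Get-IEZoneAudit {
    $zoneNames = @{
        0 = 'My Computer'; 1 = 'Local intranet'; 2 = 'Trusted sites'
        3 = 'Internet';    4 = 'Restricted sites'
    }
    foreach ($hive in 'HKCU', 'HKLM') {
        $base = "${hive}:\Software\Microsoft\Windows\CurrentVersion\Internet Settings"

        # Per-zone keys: a renamed zone or a changed Flags value is a sign of tampering
        foreach ($id in 0..4) {
            $zoneKey = Join-Path $base "Zones\$id"
            if (-not (Test-Path $zoneKey)) { continue }
            $props = Get-ItemProperty -Path $zoneKey -ErrorAction SilentlyContinue
            [PSCustomObject]@{
                Hive   = $hive
                Kind   = 'Zone'
                Entry  = "$id ($($zoneNames[$id]))"
                Detail = "DisplayName='$($props.DisplayName)' Flags=$($props.Flags)"
            }
        }

        # Domain-to-zone mappings: a site silently added to "Trusted sites" (2)
        # runs with looser restrictions than the user expects
        $domainsKey = Join-Path $base 'ZoneMap\Domains'
        if (-not (Test-Path $domainsKey)) { continue }
        Get-ChildItem -Path $domainsKey -Recurse | ForEach-Object {
            $key = $_
            foreach ($scheme in $key.GetValueNames()) {
                # value name is the scheme ('http', 'https' or '*'); data is the zone id
                $zone  = $key.GetValue($scheme)
                $label = if ($zoneNames.ContainsKey([int]$zone)) { $zoneNames[[int]$zone] } else { 'unknown' }
                [PSCustomObject]@{
                    Hive   = $hive
                    Kind   = 'Domain'
                    Entry  = ($key.Name -replace '^.*\\Domains\\', '')
                    Detail = "$scheme -> zone $zone ($label)"
                }
            }
        }
    }
}

# Print the audit as a table; run it before and after the reset to confirm
# that the unexpected entries are gone.
Get-IEZoneAudit | Format-Table -AutoSize
```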
22.08.2012, 15:32 | #15 |
| GVU Trojan Infection Windows Vista Thanks for the help |